Download PDFOpen PDF in browserRisk-Based Cyber Mission Assurance Model, Process and MetricsEasyChair Preprint no. 917124 pages•Date: October 27, 2022AbstractThe objective behind cyber mission assurance is to ensure that missions can be performed successfully despite operating in a cyber contested environment. This requires the ability to not only assess potential cybersecurity events, but also to assess their impacts in the first place, and to develop resilience to both the events and their impacts. Resilience is the ability to avoid, withstand or recover from potential adverse events and their impacts. Building from existing guidelines and frameworks, this paper presents a cohesive set of tools that project managers can use to develop a cyber mission assurance program, define requirements or build a cyber mission assurance capacity. The goal is not to reinvent the CMA concepts but rather to provide a structured way to decompose the necessary CMA activities, to execute them and to measure their results. Three complementary elements are described: a layered model that structures types of risks and their relations, a process that assesses the risks and that develops the resilience, and a set of metrics to measure the effectiveness and performance of cyber mission assurance in projects. Attempts at measuring the state of cyber resilience alone are not enough; stakeholders must first measure their state of awareness about the risks of operating in the cyber space. Only on the basis of this awareness can the state of resilience be measured. The presented process and metrics, along with the underlying model, explicitly manage this correlation, therefore supporting informed decision-making during all phases of the life cycle of systems. Keyphrases: Cyber Mission Assurance, Cyber Resiliency, risk management
|
