A Pragmatic System−failure Assessment and Response Model
Jassim Happa‚ Graham Fairclough‚ Jason R.C. Nurse‚ Ioannis Agrafiotis‚ Michael Goldsmith and Sadie Creese
Abstract
Several attack models exist today that attempt to describe cyber-attacks to varying degrees of granularity. Fast and effective decision-making during cyber-attacks is often vital, especially during incidents in which reputation, finance and physical damage can have a crippling effect on people and organisations. Such attacks can render an organisation paralysed, and it may cease to function, we refer to such an incident as a “System Failure”. In this paper we propose a novel conceptual model to help analysts make pragmatic decisions during a System Failure. Our model distils the essence of attacks and provides an easy-to-remember framework intended to help analysts ask relevant questions at the right time, irrespective of what data is available to them. Using abstraction-based reasoning our model allows enterprises to achieve “some” situational awareness during a System Failure, but more importantly, enable them to act upon their understanding and to justify their decisions. Abstraction drives the reasoning process making the approach relevant today and in the future, unlike several existing models that become deprecated over time (as attacks evolve). In the future, it will be necessary to trial the model in exercises to assess its value.