Al Hidaifi, S. M., Asghar, M. R. and Ansari, I. S. (2024) Towards a cyber resilience quantification framework (CRQF) for IT infrastructure. Computer Networks, (doi: 10.1016/j.comnet.2024.110446) (In Press)
Text
324835.pdf - Published Version Available under License Creative Commons Attribution. 5MB |
Abstract
Cyber resilience quantification is the process of evaluating and measuring an organisation’s ability to withstand, adapt to, and recover from cyber-attacks. It involves estimating IT systems, networks, and response strategies to ensure robust defence and effective recovery mechanisms in the event of a cyber-attack. Quantifying cyber resilience can be difficult due to the constantly changing components of IT infrastructure. Traditional methods like vulnerability assessments and penetration testing may not be effective. Measuring cyber resilience is essential to evaluate and strengthen an organisation’s preparedness against evolving cyber-attacks. It helps identify weaknesses, allocate resources, and ensure the uninterrupted operation of critical systems and information. There are various methods for measuring cyber resilience, such as evaluating, teaming and testing, and creating simulated models. This article proposes a cyber resilience quantification framework for IT infrastructure that utilises a simulation approach. This approach enables organisations to simulate different attack scenarios, identify vulnerabilities, and improve their cyber resilience. The comparative analysis of cyber resilience factors highlights pre-configuration’s robust planning and adaptation (61.44%), buffering supported’s initial readiness (44.53%), and network topologies’ robust planning but weak recovery and adaptation (60.04% to 77.86%), underscoring the need for comprehensive enhancements across all phases. The utilisation of the proposed factors is crucial in conducting a comprehensive evaluation of IT infrastructure in the event of a cyber-attack.
Item Type: | Articles |
---|---|
Status: | In Press |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Ansari, Dr Imran and Al Hidaifi, Saleh Mohamed Said |
Creator Roles: | Al Hidaifi, S. M. S.Writing – original draft, Writing – review and editing Ansari, I.Supervision, Writing – original draft, Writing – review and editing |
Authors: | Al Hidaifi, S. M., Asghar, M. R., and Ansari, I. S. |
College/School: | College of Science and Engineering College of Science and Engineering > School of Engineering > Systems Power and Energy |
Journal Name: | Computer Networks |
Publisher: | Elsevier |
ISSN: | 1389-1286 |
ISSN (Online): | 1872-7069 |
Published Online: | 20 April 2024 |
Copyright Holders: | Copyright © 2024 Elsevier |
First Published: | First published in Computer Networks 2024 |
Publisher Policy: | Reproduced under a Creative Commons License |
University Staff: Request a correction | Enlighten Editors: Update this record