Determining Asset Criticality for Cyber Defense

摘要

Current cyber network defense practices lack a standard methodology to properly determine event priority. Events are generally handled on a first- come first-serve basis. Some limited knowledge of target assets is applied, but in a non-standard manner based on the decision-maker's domain-specific knowledge. This not only requires proficient domain expertise, but is also very manpower intensive. We need an asset criticality metric that enables users to address events that target critical assets first. Determining asset criticality is not a trivial problem. The various contributing factors must be identified and combined. Hierarchical missions and commands that they support must be considered. Dependency relationships should also be factored in. In this paper, we report our ongoing research for determining asset criticality.