resilience in information stewardship
play

Resilience in Information Stewardship Christos Ioannidis, David Pym, - PowerPoint PPT Presentation

Jun 30, 2023 •112 likes •446 views

Resilience in Information Stewardship Christos Ioannidis, David Pym, Julian Williams, and Iat Gheyas -WEIS 2014 - PENNSYLVANIA STATE UNIVERSITY 23 June 2014 (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 1 / 33 Resilience in

  1. Resilience in Information Stewardship Christos Ioannidis, David Pym, Julian Williams, and I¤at Gheyas -WEIS 2014 - PENNSYLVANIA STATE UNIVERSITY 23 June 2014 (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 1 / 33

  2. Resilience in Information Stewardship 1. De…nitions In the information ecosystem, threats to the con…dentiality, integrity, and availability of individual components the ecosystem can be transmitted to others, impacting negatively on their security status . In such an environment, the role of the : information steward is to maintain the sustainability and resilience of the ecosystem’s nominal operating capacity. (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 2 / 33

  3. Resilience in Information Stewardship 1. De…nitions : Sustainability By the sustainability of a system, subject to …nite degradation caused by a persistent stream of attacks, we mean its tendency to remain within speci…ed levels of nominal operating capacity (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 3 / 33

  4. Resilience in Information Stewardship 1. De…nitions : Sustainability (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 4 / 33

  5. Resilience in Information Stewardship 1. De…nitions : Resilience By resilience, we mean the ability of the system to return back to its operating capacity to within the speci…ed bounds following a shock (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 5 / 33

  6. Resilience in Information Stewardship 1. De…nitions : Resilience (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 6 / 33

  7. Resilience in Information Stewardship TOWARDS A MODEL We postulate that implicitly the "value" of information assets is signalled by their classi…cation. What’s the mix ? "ICS/SCADA" or "Corporate Information Assets" Our main question centres on whether a …rm would seek to adjust its declared mix of ICS/SCADA and Corporate Information Assets Table: Decisions on: x h , x l , z . Parameters: ψ h , ψ l , α h , α l investments allocation risk-reduction rate attacker elasticity ICS/SCADA x h 1 � z ψ h α h Corporate x l z ψ l α l (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 7 / 33

  8. Resilience in Information Stewardship TOWARDS A MODEL ; A case ? In the US, 1,900 bulk power system operators are regulated by The North American Electric Reliability Corporation (NERC). The corporate network has many of the same features as the ICS/SCADA system and there are elements of substitutability between the two. Consider an operator who could phase out using expensive …bre optic cables to communicate between ICS/SCADA systems and substations and replace them with a IP or 3G type communications. A successful penetration of a corporate network that is integrated with an ICS/SCADA now provides attackers with a potentially more e¤ective means of attacking the ICS/ SCADA system. (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 8 / 33

  9. Resilience in Information Stewardship TOWARDS A MODEL ; A case ? What’s the response to this technological development, in terms of the system’s ability to withstand a shock ? (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 9 / 33

  10. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model We consider a set of N T ex-ante identical targets choosing to allocate defensive expenditure x . We consider two types of outlays h and l that correspond to the areas of high and low security where information assets are held: The quantities x h � 0 and x l � 0 denote the one-o¤ investments made at time t 0 in securing assets located in the corresponding areas. And z is a switching variable such that a fraction 0 � z � 1,of assets is allocated between h and l Attackers per target is given by ( η ) (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 10 / 33

  11. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model 1 . Modelling the Attackers I Instantenous probability of a successful attack. σ i = e � ψ i x i η α i ˜ i 2 f l , h g . i , α parameter that captures the marginal e¤ectiveness of an additional attacker per target ψ parameter that captures the relative rate of risk reduction for additional security investments by targets in each asset (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 11 / 33

  12. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model 1 . Modelling the Attackers II Let the reward R > 0 for a successful attack be proportional to the assets allocated in each area, h and l , and for notational simplicity let ζ i = l = z and ζ i = h = 1 � z . Set γ = c / R to be the cost ratio of attack, where c is the unit cost of a single attack. When the attacker’s time preference is described by δ . The pro…t function for a single attacker is Z T ˜ e � δ t ζ i η � 1 Π A , i = σ i ( x i , η i ) dt � γ , ˜ i 2 f l , h g . i t 0 (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 12 / 33

  13. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model 2 . Modelling the Targets I For the targets of such attacks, let L > 0 be an instantaneous value of assets at risk from attack and β 2 R be a subjective discount rate determining the time preferences of all targets.The risk neutral expected loss over the time horizon t 0 < t < T , is given by Z T ˜ e � β t ( z ˜ V L = σ l ( x l , η l ) L + ( 1 � z ) ˜ σ h ( x h , η h ) L ) dt + x l + x h . t 0 (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 13 / 33

  14. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model The optimal allocation bundle ? ( z � , x � l , x � h ) , (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 14 / 33

  15. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model Setting up the Solution Assuming that targets and attackers have positive discount rates the appropriate time horizon, T , for empirical analysis, maybe determined endogenously. Let λ be an arbitrarily large,but not in…nite, number. For a given discount rate, ˜ θ = min ( δ , β ) , by construction Z T � 1 ˜ e � θ t dt = 1 . θ Limit T ! ∞ t 0 Therefore, the approximation of the time horizon ˜ T covering the 1 � 1 / λ θ . Assume T = log ( λ ) /˜ ˜ proportion of the future losses is derived from that β > δ and ˜ T = log ( λ ) / δ , such that the interval t 0 to ˜ T covers 90% of the expected present value; that is, λ = 10. (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 15 / 33

  16. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model Solving the Model I: Non � Cooperative � Nash Equilibrium 0 1 � � 2 e δ T � 1 L ψ i ψ 2 α i A � α i δ T B C j x � = log @ , i 2 f l , h g , j 2 f l , h g , j 6 = i � � 2 i ψ i ψ i γδβ ψ j + ψ i ψ l z � = . ψ h + ψ l (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 16 / 33

  17. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model Solving the Model I: Non � Cooperative � Nash Equilibrium 0 1 � � 2 e δ T � 1 L ψ i ψ 2 α i A � α i δ T B C j x � = log @ , i 2 f l , h g , j 2 f l , h g , j 6 = i � � 2 i ψ i ψ i γδβ ψ j + ψ i ψ l z � = . (1) ψ h + ψ l ! 1 ψ j ( e δ T � 1 ) e � x � i ψ i � δ T 1 � α l η � i = , i 2 f l , h g , j 2 f l , h g , j 6 = i , γδ ( ψ i + ψ j ) (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 16 / 33

  18. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model 3. Introducing the Steward The …rst stewardship action we evaluate replicates our previous work by postulating a Stackelberg policy framework in which the policy-maker stewarding the system sets rules relative to a target level of sustainability. When the steward is fully informed, our model reverts to the mechanism design problem in which the steward is able to set a mandatory investment bundle on the individual targets ( ¯ x l , ¯ x h ) as well as imposing a speci…c z . asset allocation ¯ (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 17 / 33

  19. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model Solving the Model II: Introducing the Steward: The fully informed steward � � � 1 �� � � � 1 + α i 1 e δ T � 1 ¯ 1 � α j x i = log ψ j ψ i + ψ j log γδ + ψ i ψ i 0 1 0 1 ¯ @ � ¯ β T ( α i � 1 ) β ( α j � 1 ) � δ T α i A + ( α i � 1 ) @ A , � � log ψ i ψ i ψ i e ¯ β T � 1 L ψ i i 2 f l , h g , j 2 f l , h g , j 6 = i 0 1 1 � � 1 � α i e δ T � 1 e � ¯ x i ψ i � δ T @ ψ i ¯ A � � η i = , i 2 f l , h g , j 2 f l , h g , j 6 = i γδ ψ j + ψ i (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 18 / 33

  20. Resilience in Information Stewardship TOWARDS A MODEL ;Developing an Economic Model Introducing the Steward: Does it work ? Compare the attacking intensities as ¯ x l , ¯ x h > x � l , x � h (proposition 3) 0 1 0 1 1 1 � � @ ψ j ( e δ T � 1 ) e � x � i ψ i � δ T 1 � α i 1 � α l e δ T � 1 e � ¯ x i ψ i � δ T @ ψ i ¯ A A < η � � � η i = i = γδ ( ψ i + ψ j ) γδ ψ j + ψ i (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 19 / 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Generational Thinking, Mindful Action Resilience, Stewardship, and Governance at the Blue

Generational Thinking, Mindful Action Resilience, Stewardship, and Governance at the Blue

Generational Thinking, Mindful Action Resilience, Stewardship, and Governance at the Blue Lake Rancheria Jana Ganion, Sustainability &amp; Government Affairs Director, Blue Lake Rancheria California Bioresources Economy Summit Berkeley,

431 views • 12 slides
When When When When Stewardship Stewardship Stewardship Stewardship Meets Meets

When When When When Stewardship Stewardship Stewardship Stewardship Meets Meets

When When When When Stewardship Stewardship Stewardship Stewardship Meets Meets Cultivation Cultivation Cultivation Cultivation Maureen D. Donnelly Director, Stewardship and Donor Relations, Boston University Director Association of

220 views • 19 slides
5A - Funding Stewardship Costs Using Stewardship Fees Stewardship Fees Presenter: Barbara

5A - Funding Stewardship Costs Using Stewardship Fees Stewardship Fees Presenter: Barbara

Presentation to the OLTA Gathering October 29, 2010 5A - Funding Stewardship Costs Using Stewardship Fees Stewardship Fees Presenter: Barbara Heidenreich Natural Heritage Coordinator Ontario Heritage Trust Learning objectives 1. Basic

159 views • 5 slides
4R Nutrient Stewardship: 4R Nutrient Stewardship: CCA Involvement Lara Moody, P.E. Director of

4R Nutrient Stewardship: 4R Nutrient Stewardship: CCA Involvement Lara Moody, P.E. Director of

4R Nutrient Stewardship: 4R Nutrient Stewardship: CCA Involvement Lara Moody, P.E. Director of Stewardship Programs Increased Scrutiny of Land and Resource Management Negative headlines effecting public opinion Potential rulemaking

551 views • 23 slides
resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

How to improve our resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the process of adapting well in the face of adversity, trauma, tragedy, threats or significant sources of stress Resilience is

287 views • 9 slides
Energy Stewardship Program TAMU College Station Energy Stewardship Team Energy Stewardship

Energy Stewardship Program TAMU College Station Energy Stewardship Team Energy Stewardship

Energy Stewardship Program TAMU College Station Energy Stewardship Team Energy Stewardship Team 2 Charlie Shear Supervisor Energy Stewardship Jack Cook Don Fazzino Energy Steward Energy Steward Keith Bornmann Betty Morgan Energy Steward

285 views • 24 slides
Stewardship is what we do to act out our faith and the blessings God gave us. The stewardship

Stewardship is what we do to act out our faith and the blessings God gave us. The stewardship

Stewardship is what we do to act out our faith and the blessings God gave us. The stewardship committee started thinking about what to call this series and the Holy Spirit certainly gave us inspiration to come up with a name and even a symbol

876 views • 49 slides
The Pes'cide Stewardship Alliance 15 th Annual Pes'cide Stewardship

The Pes'cide Stewardship Alliance 15 th Annual Pes'cide Stewardship

The Pes'cide Stewardship Alliance 15 th Annual Pes'cide Stewardship Conference Savannah, GA Drew Lausch Office of Resource Conserva'on and Recovery USEPA

465 views • 8 slides
HIGHLIGHTS for Departmental Administrators Stewardship Customer Service Stewardship +

HIGHLIGHTS for Departmental Administrators Stewardship Customer Service Stewardship +

Quality Research Administration Meeting December 2015 HIGHLIGHTS for Departmental Administrators Stewardship Customer Service Stewardship + Customer Service Stewardship Customer Service Stewardship Customer Service = Facilitating

348 views • 12 slides
ANTIMICROBIAL STEWARDSHIP Introduce the concept of antimicrobial stewardship (AMS) in AN

ANTIMICROBIAL STEWARDSHIP Introduce the concept of antimicrobial stewardship (AMS) in AN

06/08/2020 Session Outcomes Discuss the origins of bacteria, antibiotics and the development of antimicrobial resistance (AMR) ANTIMICROBIAL STEWARDSHIP Introduce the concept of antimicrobial stewardship (AMS) in AN INTRODUCTION TO

274 views • 9 slides
Transformative Agenda 10:00 am Opening Prayers, Welcome and Introductions 10:15 am Stewardship

Transformative Agenda 10:00 am Opening Prayers, Welcome and Introductions 10:15 am Stewardship

Stewardship School Making Stewardship Transformative Agenda 10:00 am Opening Prayers, Welcome and Introductions 10:15 am Stewardship Bible Study &amp; Reflection Handout: Scripture Passage 10:45am Moving from Crisis Based Pledge Campaigns

455 views • 31 slides
Disaster Resilience Climate Resilience Webinar Series U.S. Department of Housing and Urban

Disaster Resilience Climate Resilience Webinar Series U.S. Department of Housing and Urban

Energy Investments for Disaster Resilience Climate Resilience Webinar Series U.S. Department of Housing and Urban Development Disclaimer This presentation is intended to provide communities and states with the tools and information to

878 views • 55 slides
Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing

Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing

Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing and Urban Development Disclaimer This presentation is intended to provide communities and states with the tools and information to help in

467 views • 18 slides
Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What

Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What

Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What do you think resilience means? 3. Write your ideas in a Circle Map. Unit 3 Stories of Resilience 1. Write your definition of Resilience is...

455 views • 6 slides
IHI Expedition Antibiotic Stewardship Session 4: Embedding Stewardship Processes into Care

IHI Expedition Antibiotic Stewardship Session 4: Embedding Stewardship Processes into Care

May 1, 2014 These presenters have nothing to disclose IHI Expedition Antibiotic Stewardship Session 4: Embedding Stewardship Processes into Care Delivery Jeff Rohde, MD Megan Mack, MD Diane Jacobsen, MPH Todays Host 2 Sarah Konstantino

984 views • 43 slides
Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to

Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to

Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to bounce back after something negative like a tough situation or difficult time and then get back to feeling just about as good as you felt

517 views • 12 slides
UCI International, Inc. Q1 2015 Results | May 13, 2015 Confidential Disclaimer This

UCI International, Inc. Q1 2015 Results | May 13, 2015 Confidential Disclaimer This

UCI International, Inc. Q1 2015 Results | May 13, 2015 Confidential Disclaimer This presentation may contain forward-looking statements as that term is defined in the Private Securities Litigation Reform Act of 1995. The words

176 views • 15 slides
emagnification: 2019 Nordic and Baltic Stata Users a tool f for e esti timati ting e effect

emagnification: 2019 Nordic and Baltic Stata Users a tool f for e esti timati ting e effect

emagnification: 2019 Nordic and Baltic Stata Users a tool f for e esti timati ting e effect t size m magnificati tion Group Meeting and performing design c calcu culations i in epidemiological s studies Karolinska Institute

700 views • 51 slides
Oak Ridge National Laboratory R. Scott Studham Chief Information Officer Becky Verastegui

Oak Ridge National Laboratory R. Scott Studham Chief Information Officer Becky Verastegui

IT Transformation at Oak Ridge National Laboratory R. Scott Studham Chief Information Officer Becky Verastegui Division Director, Information Technology Services Division Managed by UT-Battelle for the Department of Energy ORNL circa 2000

364 views • 22 slides
Eternal Domination in Grid-like Graphs Fionn Mc Inerney, Nicolas Nisse, St ephane P erennes

Eternal Domination in Grid-like Graphs Fionn Mc Inerney, Nicolas Nisse, St ephane P erennes

Eternal Domination in Grid-like Graphs Fionn Mc Inerney, Nicolas Nisse, St ephane P erennes Universit e C ote dAzur, Inria, CNRS, I3S, France Northwestern Polytechnical University, Xian, Sept. 9th, 2019 1/26 F. Mc Inerney, N.

1.15k views • 84 slides
Web Architecture 253 Privacy &amp; Security who's this guy? columbia university school of

Web Architecture 253 Privacy &amp; Security who's this guy? columbia university school of

Web Architecture 253 Web Architecture 253 Web Architecture 253 Privacy &amp; Security who's this guy? columbia university school of engineering and applied science bs in computer science 1999 who's this guy? 13+ years writing software and

878 views • 63 slides
A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and

296 views • 14 slides
CSE 127: Introduction to Security Deian Stefan UCSD Winter 2020 Lecture 1 Course staff

CSE 127: Introduction to Security Deian Stefan UCSD Winter 2020 Lecture 1 Course staff

CSE 127: Introduction to Security Deian Stefan UCSD Winter 2020 Lecture 1 Course staff Instructor: Deian Stefan deian@cs.ucsd.edu Lecture: Mon &amp; Wed 5-6:20pm Center 109 Discussion: Fri 2-2:50pm Center 216 Office Hours: Wed

628 views • 49 slides
Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop

Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop

Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop September 14, 2017 Why Prove Things? Attackers often have more motivation/resources than defenders Heuristic defenses: arms race between attack and

738 views • 52 slides

More recommend