- Title
Resilience of Cyber Systems with Over- and Underregulation.
- Authors
Gisladottir, Viktoria; Ganin, Alexander A.; Keisler, Jeffrey M.; Kepner, Jeremy; Linkov, Igor
- Abstract
Recent cyber attacks provide evidence of increased threats to our critical systems and infrastructure. A common reaction to a new threat is to harden the system by adding new rules and regulations. As federal and state governments request new procedures to follow, each of their organizations implements their own cyber defense strategies. This unintentionally increases time and effort that employees spend on training and policy implementation and decreases the time and latitude to perform critical job functions, thus raising overall levels of stress. People's performance under stress, coupled with an overabundance of information, results in even more vulnerabilities for adversaries to exploit. In this article, we embed a simple regulatory model that accounts for cybersecurity human factors and an organization's regulatory environment in a model of a corporate cyber network under attack. The resulting model demonstrates the effect of under- and overregulation on an organization's resilience with respect to insider threats. Currently, there is a tendency to use ad-hoc approaches to account for human factors rather than to incorporate them into cyber resilience modeling. It is clear that using a systematic approach utilizing behavioral science, which already exists in cyber resilience assessment, would provide a more holistic view for decisionmakers.
- Subjects
COUNTERTERRORISM; CYBERTERRORISM laws; CYBERTERRORISM policy; CYBERTERRORISM
- Publication
Risk Analysis: An International Journal, 2017, Vol 37, Issue 9, p1644
- ISSN
0272-4332
- Publication type
Article
- DOI
10.1111/risa.12729