Abstract
While risk in many areas of science and security is quantitatively understood as expected loss, resilience is a frequently used but much less formalized term. Defining the term plainly as the probability of outage appears to be an oversimplification of practical matters, since precautions towards resilience typically target impacts and may have no influence on the likelihood of outage at all. We thus propose a quantitative definition of resilience inspired by, and in alignment with, the understanding of risk as the product of likelihood and impact. Our measure is based on the same ingredients as risk measures, but takes the level of preparedness into account as an additional variable. We discuss the embedding of this measure in the landscape of security risk management, and we point out issues and possibilities in finding the inputs from which resilience can be computed. A worked example illustrates and corroborates our proposed method.
Original language | English |
---|---|
Title of host publication | Lecture Notes in Computer Science |
Publisher | Springer |
Pages | 57-71 |
Number of pages | 15 |
ISBN (Print) | 978-3-030-05849-4 |
DOIs | |
Publication status | Published - 2018 |
Event | CRITIS 2018, The 13th International Conference on Critical Information Infrastructures Security - Duration: 24 Sept 2018 → 26 Sept 2018 |
Conference
Conference | CRITIS 2018, The 13th International Conference on Critical Information Infrastructures Security |
---|---|
Period | 24/09/18 → 26/09/18 |
Research Field
- Cyber Security