Paper Info
Title
Automatic network restructuring and risk mitigation through business process asset dependency analysis
Abstract
In the 4th industrial revolution era, security of multiple interconnected devices has become a critical issue. A rapidly increasing number of cybersecurity incidents emerge due to complex interconnected sensors, devices, and systems used in the Internet of Things. In this paper, we tackle the need for automation in security risk analysis and restructuring of such networks. The presented framework models the connections of assets and devices so as to depict their interdependencies on a company's business processes and effectively reduces their overall risk against cybersecurity threats. It achieves this by (1) identifying critical components and dependency structural risks, (2) prioritizing assets based on their influence on business processes and (3) proposing network restructures and asset clusters. To do that, the proposed algorithm utilizes (i) dependency risk graphs for modeling and analyzing networks dependencies, (ii) graph minimum spanning trees, and (iii) network centrality metrics. We test the implementation on a real-world company and demonstrate its effectiveness. Results show that the framework can automatically identify critical components and dependency structural risks and propose different network topologies by creating the optimum number of asset subnets, while retaining business operations. Tests show that the closeness centrality metric combined with the midpoint on extreme values calculation type works best for network asset grouping and subnetting.
Year
DOI
Venue
2020
10.1016/j.cose.2020.101869
Computers & Security
Keywords
DocType
Volume
Risk assessment,Risk mitigation,Business impact,Dependency risk graphs,Graph centrality
Journal
96
ISSN
Citations 
PageRank 
0167-4048
1
0.37
References 
Authors
0
3
Name
Order
Citations
PageRank
George Stergiopoulos1369.25
Panagiotis Dedousis211.38
D. Gritzalis3226.05