{"title":"Simulation Modeling Cyber Threats, Risks, and Prevention Costs","authors":"James E. Lerums, La'Reshia D. Poe, J. E. Dietz","doi":"10.1109/EIT.2018.8500240","DOIUrl":null,"url":null,"abstract":"Money spent on cybersecurity doesn't easily translate into an increase in an organization's operational success or increase in revenues and profitability. However, an organization suffering from a cyber-attack could incur significant additional costs which can detrimentally impact an organization trivially or catastrophically. This paper introduces a simulation model for analyzing the effectiveness versus cost of cyber security options. The outcomes of this study is a simulation model using state charts capable of running a configurable attack scenario several times for a specified enterprise network and threat. Given publicly available information our findings after running a phishing attack on a departmental workstation with the internal network's domain controller as the final target revealed that the overall success rate of a phishing attack reaching any node in a “generic enterprise” architecture is 20%, with less than 0% of the attacks reaching the intended target.","PeriodicalId":188414,"journal":{"name":"2018 IEEE International Conference on Electro/Information Technology (EIT)","volume":"90 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Conference on Electro/Information Technology (EIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EIT.2018.8500240","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 6
Abstract
Money spent on cybersecurity doesn't easily translate into an increase in an organization's operational success or an increase in revenues and profitability. However, an organization suffering from a cyber-attack could incur significant additional costs, which can detrimentally impact the organization trivially or catastrophically. This paper introduces a simulation model for analyzing the effectiveness versus cost of cyber security options. The outcome of this study is a simulation model using state charts, capable of running a configurable attack scenario several times for a specified enterprise network and threat. Given publicly available information, our findings after running a phishing attack on a departmental workstation with the internal network's domain controller as the final target revealed that the overall success rate of a phishing attack reaching any node in a “generic enterprise” architecture is 20%, with less than 0% of the attacks reaching the intended target.