TY - CONF
AU - Ashutosh Dutta
AU - Ehab Al-Shaer
AB - The objective of this research is to develop a novel and an automated approach to compose the optimal and resilient risk mitigation planning by selecting the most critical security controls (CSC) considering affordable residual risk (risk appetite), budget, resiliency, and enterprise-oriented usability constraints. 
BT - ACM
DA - 2019-04
DO - 10.1145/3314058.3317725
N1 - We developed a model named "Cyber Defense Matrix (CDM)" that resemblances the deployed cyber defense strategy. The structure of CDM incorporating three dimensions: Security Function (what), Enforcement Level (where), and Kill Chain Phase (why) enables the composition of multi-layer and multi-stage resilient defense configuration. Our approach leverages CDM to determine which security controls are needed for "what" security function (Identify, Protect, Detect, Respond, and Recover), "where" each security control should be enforced in the cyber systems (Network, Device, People, Application, and Data), and "why" they are effective (i.e., against what attack and wherein the kill chain). We formulate the approach to compute the resilient cybersecurity planning as CDM using SMT constraints
N2 - The objective of this research is to develop a novel and an automated approach to compose the optimal and resilient risk mitigation planning by selecting the most critical security controls (CSC) considering affordable residual risk (risk appetite), budget, resiliency, and enterprise-oriented usability constraints. 
PY - 2019
T2 - ACM
TI - Cyber defense matrix: a new model for optimal composition of cybersecurity controls to construct resilient risk mitigation
UR - https://dl.acm.org/doi/abs/10.1145/3314058.3317725
ER -