ABSTRACT

Defensibility and Risk Management   [open pdf - 69KB]

"A common problem in risk management is to characterize the overall security of a system of valuable assets (e.g., government buildings or communication hubs), and to suggest measures to mitigate any security threats. Currently, analysts rely on a combination of security indices, such as resilience (the ability of a system to return to normal rapidly); robustness (the ability to function despite damage); redundancy (spare capacity); security (barriers to limit access); and vulnerability (susceptibility to hazards and/or intentional threats). However, these indices are not always actionable; i.e., they are not themselves sufficient to indicate whether policy makers should invest in improving a given system.  Indeed, it has been observed that some vulnerable systems cannot be improved cost-effectively [1]. Motivated by this gap, we recently proposed an index, defensibility [2], which characterizes how easily the damage to a system can be reduced. A system is highly defensible if a modest investment of resources can significantly reduce the damage from an attack or disruption (Fig. 1). Defensibility is defined in such a way that incommensurable systems can be compared to each other using a single measure.  The most defensible system would then receive the highest priority for defensive resources. […] To summarize, security analysis to date has been focused on existing notions such as vulnerability and resilience.  Our analysis here is based on the observation that some at-risk systems may be much easier to improve than others. We argue that risk analysts and managers would benefit by considering defensibility in their risk management plans."

Author:
Publisher:
Date:
2017-10
Copyright:
2017 by the author(s). Posted here with permission. Documents are for personal use only and not for commercial profit. See document for full rights information.
Retrieved From:
Homeland Security Affairs Journal: http://www.hsaj.org/
Format:
pdf
Media Type:
application/pdf
Source:
Homeland Security Affairs (October 2017), v.13
URL:
Help with citations