Business metrics play a critical role in determining the best IT-level system setup and reconfiguration options to achieve an organizational business-level goal. This collaborative project with IBM is developing a framework for managing the business health of an enterprise despite security attacks. In particular, the framework addresses situations in system administration that involve multi-objective decision-making while taking into account both business-level and IT-level metrics. The attack-response tree (ART) formalism is being extended and used to translate underlying IT-level measures into high-level business metrics, thereby enabling assessment of overall business health. The proposed framework is being validated against high-impact attack classes that are common for online enterprises that execute multiple business processes.
(Funded by IBM.)