Modeling Cyber Systemic Risk for the Business Continuity Plan of a Bank



Abstract. The pervasive growth and diffusion of complex IT systems, which handle critical business aspects of today's enterprises and which cooperate through computer networks, has given rise to a significant expansion of the exposure surface towards cyber security threats. A threat affecting a given IT system may cause a ripple effect on the other interconnected systems, often with unpredictable consequences. This type of exposure, known as cyber systemic risk, is a very important concern, especially for the international banking system, and it needs to be suitably taken into account during the requirements analysis of a bank IT system. This paper proposes the application of a goal-oriented methodology (GOReM) during the requirements specification phase, in order to consider adequate provisions for prevention of and reaction to cyber systemic risk in banking systems. In particular, the context of the Italian banking system is considered as a case study.

Keywords: Business Continuity · Disaster Recovery · Systemic risk · Cyber threat · Goal-Oriented Methodology · Requirements Engineering

1 Introduction

During the last few years, the diffusion of cyber threats has grown steeply, at a rate which is predicted to increase further in the near future [13]. Cyber security threats include accidental cyber-related incidents as well as deliberate actions by external entities, such as hacker attacks and virus/worm/malicious software infiltrations [17]. These threats may directly affect industrial control systems and processes and need to be properly managed [22]. The effects of an exploited threat on a given system may propagate through communication networks, damaging other interconnected systems and giving rise to a ripple effect. This phenomenon, in which a threat triggers a knock-on effect among different enterprises, is known as systemic risk and has been the subject of many studies in the financial and economic domains [16]. Provisions against cyber systemic risk are usually directed at establishing a strategy for circumscribing the negative effects, e.g. by activating alternative solutions in place of the damaged systems, and at slowing down, and possibly stopping, the propagation towards the other interconnected systems.

© IFIP International Federation for Information Processing 2016. Published by Springer International Publishing Switzerland 2016. All Rights Reserved. F. Buccafurri et al. (Eds.): CD-ARES 2016, LNCS 9817, pp. 158–174, 2016. DOI: 10.1007/978-3-319-45507-5_11
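The ripple effect and the two provisions named above (failing over to an alternative solution, and cutting the damaged system off so that propagation stops) can be made concrete with a small cascade simulation over a dependency graph of interconnected systems. The following is an added illustration, not code from the paper and not part of GOReM; the topology, the system names and the single-alternative assumption are constructed for the example, and "detection delay" is modelled simply as the number of propagation steps that elapse before the failed systems are isolated from their dependents.

```python
"""Toy cascade model of cyber systemic risk over interconnected IT systems.

Added illustration, not code from the paper or from GOReM. Systems are nodes
of a directed dependency graph (an entry provider -> [dependents] means each
dependent needs the provider to keep working). An incident takes one system
down; at every step, each failed system takes down the dependents that have
not already failed and have no alternative provider to fail over to.
"""

# Constructed sample topology with hypothetical system names:
# provider -> systems that depend on it.
DEPENDENCIES = {
    "core_banking_A": ["payments_hub", "atm_network"],
    "payments_hub": ["bank_B_settlement", "bank_C_settlement"],
    "bank_B_settlement": ["bank_B_core"],
    "bank_C_settlement": ["bank_C_core"],
}

# Systems with a working alternative (warm standby, second routing channel):
# they absorb the failure of their provider instead of propagating it.
ALTERNATIVES = {"bank_C_settlement"}


def all_systems(deps):
    """Every system mentioned in the dependency graph, as provider or dependent."""
    systems = set(deps)
    for dependents in deps.values():
        systems.update(dependents)
    return systems


def cascade(deps, alternatives, initial, detection_delay=None):
    """Simulate the knock-on effect starting from the compromised system `initial`.

    Propagation is synchronous: step i takes down the dependents of the systems
    that failed at step i-1. If detection_delay is an integer k, the failed
    systems are isolated from their dependents after k steps (the 'slow down
    and stop the propagation' provision), so nothing spreads beyond step k.
    Returns (failed, timeline): the final failed set and a list whose i-th
    element is the set of systems that failed at step i.
    """
    failed = {initial}
    frontier = {initial}
    timeline = [{initial}]
    step = 0
    while frontier and (detection_delay is None or step < detection_delay):
        step += 1
        newly = {dst for src in frontier for dst in deps.get(src, ())
                 if dst not in failed and dst not in alternatives}
        if not newly:
            break
        failed |= newly
        frontier = newly
        timeline.append(newly)
    return failed, timeline


def blast_radius(deps, failed):
    """Fraction of all systems in the graph that ended up failed."""
    return len(failed) / len(all_systems(deps))


def containment_table(deps, alternatives, initial, max_delay):
    """Number of failed systems for each detection delay 0..max_delay,
    plus the unconstrained cascade under the key None."""
    table = {d: len(cascade(deps, alternatives, initial, d)[0])
             for d in range(max_delay + 1)}
    table[None] = len(cascade(deps, alternatives, initial)[0])
    return table


if __name__ == "__main__":
    scenarios = [("no provisions", set(), None),
                 ("failover only", ALTERNATIVES, None),
                 ("failover + isolation after 1 step", ALTERNATIVES, 1)]
    for label, alts, delay in scenarios:
        failed, timeline = cascade(DEPENDENCIES, alts, "core_banking_A", delay)
        print(f"{label}: {len(failed)} systems down, "
              f"blast radius {blast_radius(DEPENDENCIES, failed):.2f}")
        for step, down in enumerate(timeline):
            print(f"  step {step}: {sorted(down)}")
```

On the constructed topology, an incident at core_banking_A with no provisions takes all seven systems down; giving bank_C_settlement an alternative route confines the damage to five; isolating the failed systems after one propagation step confines it to three. The point the table makes for a requirements analyst is that both levers, redundancy at the dependents and detection-plus-isolation latency at the source, are what bound the blast radius, and the two can be traded against each other.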


Nowadays, the IT system of a large enterprise is usually geographically distributed, pervasive and ubiquitous for its internal and external users. Each such system therefore consists of a network of subsystems, across which the cyber systemic risk must be reduced as much as possible. Cyber security risk has to be continuously monitored, while real-time recovery and support procedures, assuring a sufficient degree of system availability, have to be provided [1,4]. Systemic effects have to be reduc