Quantifying Cyberinfrastructure Resilience against Multi-Event Attacks

Decision Sciences

Volumn 43, Issue 4, 2012, Pages 687-710

  Zobel, Christopher W ^a   Khansa, Lara ^a  

^a VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY   (United States)

Author keywords

and Network Security; Disaster Resilience; Information Infrastructure; Multi Event Resilience

Indexed keywords

EID: 84863544613     PISSN: 00117315     EISSN: 15405915     Source Type: Journal    
DOI: 10.1111/j.1540-5915.2012.00364.x     Document Type: Article

References (37)

1. Blair, D. C. (2009). Annual threat assessment of the intelligence community for the Senate Select Committee on Intelligence. Office of the Director of National Intelligence, Washington, DC
2. Bruneau, M., Chang, S. E., Eguchi, R. T., Lee, G. C., O'Rourke, T. D., Reinhorn, A. M., et al. (2003). A framework to quantitatively assess and enhance the seismic resilience of communities. Earthquake Spectra, 19(4), 733-752.
3. Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of internet security breach announcements on market value of breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 69-105.
4. Cavusoglu, H., Mishra, B., & Raghunathan, S. (2005). The value of intrusion detection systems in information technology security architecture. Information Systems Research, 16(1), 28-46.
5. Cavusoglu, H., & Raghunathan, S. (2009). Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Information Systems Research, 20(2), 198-217.
6. Chittister, C. G., & Haimes, Y. Y. (2011). The role of modeling in the resilience of cyberinfrastructure systems and preparedness for cyber intrusions. Journal of Homeland Security and Emergency Management, 8(1), 1547-1577.
7. Cimellaro, G., Reinhorn, A., & Bruneau, M. (2010). Seismic resilience of a hospital system. Structure and Infrastructure Engineering, 6(1), 127-144.
8. Computer Security Institute. (2009). 2009 Computer Crime & Security Survey. Retrieved from
9. Craighead, C. W., Blackhurst, J., Rungtusanatham, M. J., & Handfield, R. B. (2007). The severity of supply chain disruptions: Design characteristics and mitigation capabilities. Decision Sciences, 38(1), 131-156.
10. Cutter, S., Barnes, L., Berry, M., Burton, C., Evans, E., Tate, E., et al. (2008). A place-based model for understanding community resilience to natural disasters. Global Environmental Change, 18(4), 598-606.
11. Garber, L. (2000). Denial-of-service attacks rip the Internet. IEEE Computer, 33(4), 12-17.
12. Haimes, Y. (2009). On the definition of resilience in systems. Risk Analysis: An International Journal, 29(4), 498-501.
13. Kesh, S., & Ratnasingam, P. (2007). A knowledge architecture for IT security. Communications of the ACM, 50(7), 103-108.
14. Khansa, L., & Liginlal, D. (2009a). Quantifying the benefits of investing in information security. Communications of the ACM, 52(11), 113-117.
15. Khansa, L., & Liginlal, D. (2009b). Valuing the flexibility of investing in security process innovations. European Journal of Operational Research, 192(1), 216-235.
16. Kumar, R. L., Park, S., & Subramaniam, C. (2008). Understanding the value of countermeasure portfolios in information systems security. Journal of Management Information Systems, 25(2), 241-280.
17. Liberatore, F., Scaparra, M. P., & Daskin, M. S. (2011). Analysis of facility protection strategies against an uncertain number of attacks: The stochastic R-interdiction median problem with fortification. Computers & Operations Research, 38(1), 357-366.
18. Liginlal, D., Sim, I., & Khansa, L. (2009). How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management. Computers & Security, 28(3-4), 215-228.
19. Longstaff, P. (2008). Managing and regulating networked industries for sustainability and resilience. Proceedings of the First International Conference on Infrastructure Systems and Services: Building Networks for a Brighter Future (INFRA). Rotterdam, The Netherlands: IEEE, 1-5.
20. McDaniels, T., Chang, S. E., Cole, D., Mikawoz, J., & Longstaff, H. (2008). Fostering resilience to extreme events within infrastructure systems: Characterizing decision contexts for mitigation and adaptation. Global Environmental Change, 18(2), 310-318.
21. Muralidhar, K., Sarathy, R., & Parsa, R. (2001). An improved security requirement for data perturbation with implications for E-commerce. Decision Sciences, 32(4), 683-698.
22. O'Rourke, T. D., Lembo, A. J., & Nozick, L. K. (2003). Lessons learned from the World Trade Center disaster about critical utility systems. InBeyond September 11th: An Account of Post-Disaster Research. Boulder, CO: University of Colorado, Natural Hazards Research and Applications Information Center, 269-290.
23. Rieger, C. G., Gertman, D. I., & McQueen, M. A. (2009). Resilient control systems: Next generation design research. Proceedings of the Second Conference on Human System Interactions. Catania, Italy: IEEE, 632-636.
24. Shinozuka, M., Chang, S. E., Cheng, T.-C., Feng, M., O'Rourke, T. D., Saadeghvaziri, M. A., ... Shi, P. (2004). Resilience of integrated power and water systems. In MCEER (Ed.), MCEER Research Progress and Accomplishments: 2003-2004. Buffalo, NY: MCEER, 65-86.
25. Straub, D. W., & Straub, W. (1990). Effective IS security. Information Systems Research, 1(3), 255-276.
26. Sun, L., Srivastava, R. P., & Mock, T. J. (2006). An information systems security risk assessment model under the Dempster-Shafer theory of belief functions. Journal of Management Information Systems, 22(4), 109-142.
27. Tierney, K., & Bruneau, M. (2007). Conceptualizing and measuring resilience: A key to disaster loss reduction. TR News, 250, 14-17.
28. Umberger, H., & Gheorghe, A. (2011). Cyber security: Threat identification, risk and vulnerability assessment. In A. Gheorghe, & L. Muresan (Eds.), Energy Security: International and Local Issues, Theoretical Perspectives, and Critical Energy Infrastructures. Amsterdam, The Netherlands: Springer, 247-269.
29. Wang, J., Chaudhury, A., & Rao, H. R. (2008). A value-at-risk approach to information security investment. Information Systems Research, 19(1), 106-120.
30. Wang, J., Varman, P., & Xie, C. (2010). Avoiding performance fluctuation in cloud storage. Proceedings of the International Conference on High Performance Computing (HiPC), Dona Paula, 1-9.
31. Yoran, A. (2004). Statement of Amit Yoran, Director, National Cyber Security Division, Department of Homeland Security. In US Senate Committee on the Judiciary. Virtual threat, real terror: Cyberterrorism in the 21st century. Hearing before the Subcommittee on Terrorism, Technology and Homeland Security, 108th Congress, 2nd session, 8-18. Retrieved from
32. Yue, W. T., & Çakanyildirim, M. (2007). Intrusion prevention in information systems: Reactive and proactive responses. Journal of Management Information Systems, 24(1), 329-353.
33. Yue, W. T., Çakanyildirim, M., Ryu, Y. U., & Liu, D. (2007). Network externalities, layered protection and IT security risk management. Decision Support Systems, 44(1), 1-16.
34. Zhou, C. V., Leckie, C., & Karunasekera, S. (2010). A survey of coordinated attacks and collaborative intrusion detection. Computers & Security, 29(1), 124-140.
35. Zhuang, J., & Bier, V. M. (2007). Balancing terrorism and natural disasters defensive strategy with endogenous attacker effort. Operations Research, 55(5), 976-991.
36. Zobel, C. W. (2010). Comparative visualization of predicted disaster resilience. Proceedings of the 7th International ISCRAM Conference. Seattle, WA: ISCRAM, 1-5.
37. Zobel, C. W. (2011). Representing perceived tradeoffs in defining disaster resilience. Decision Support Systems, 50(2), 394-403.