An n-sided polygonal model to calculate the impact of cyber security events

TL;DR

This paper introduces a polygonal model to visually and quantitatively assess the impact of cyber security events by representing system entities and their contributions through geometrical operations.

Contribution

The paper proposes a novel n-sided polygonal model using multi-criteria weighting to graphically compare cyber event impacts, integrating diverse system entities.

Findings

Model effectively visualizes cyber event impacts.

Geometrical calculations quantify impact magnitude.

Case study demonstrates practical application.

Abstract

This paper presents a model to represent graphically the impact of cyber events (e.g., attacks, countermeasures) in a polygonal systems of n-sides. The approach considers information about all entities composing an information system (e.g., users, IP addresses, communication protocols, physical and logical resources, etc.). Every axis is composed of entities that contribute to the execution of the security event. Each entity has an associated weighting factor that measures its contribution using a multi-criteria methodology named CARVER. The graphical representation of cyber events is depicted as straight lines (one dimension) or polygons (two or more dimensions). Geometrical operations are used to compute the size (i.e, length, perimeter, surface area) and thus the impact of each event. As a result, it is possible to identify and compare the magnitude of cyber events. A case study with multiple security events is presented as an illustration on how the model is built and computed.