A Pragmatic System-failure Assessment and Response Model

Jassim Happa, Graham Fairclough, Jason R. C. Nurse, Ioannis Agrafiotis, Michael Goldsmith, Sadie Creese


Several attack models exist today that attempt to describe cyber-attacks to varying degrees of granularity. Fast and effective decision-making during cyber-attacks is often vital, especially during incidents in which reputation, finance and physical damage can have a crippling effect on people and organisations. Such attacks can render an organisation paralysed, and it may cease to function, we refer to such an incident as a “System Failure”. In this paper we propose a novel conceptual model to help analysts make pragmatic decisions during a System Failure. Our model distils the essence of attacks and provides an easy-to-remember framework intended to help analysts ask relevant questions at the right time, irrespective of what data is available to them. Using abstraction-based reasoning our model allows enterprises to achieve “some” situational awareness during a System Failure, but more importantly, enable them to act upon their understanding and to justify their decisions. Abstraction drives the reasoning process making the approach relevant today and in the future, unlike several existing models that become deprecated over time (as attacks evolve). In the future, it will be necessary to trial the model in exercises to assess its value.


  1. Bishop, M. (1995). A taxonomy of unix system and network vulnerabilities. Technical report, Technical Report CSE-95-10. Department of Computer Science, University of California at Davis.
  2. Caralli, R.A., Allen, J and White, D. W., (2010). CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience. Addison-Wesley Professional.
  3. Cohen, F. (1997). Information system defences: a preliminary classification scheme. Computers & Security, 16(2):94-114.
  4. FIRST. (2005). Common Vulnerability Scoring System. http://www.first.org/cvss.
  5. FIRST. (2015). FIRST Security Library. https://www.first.org/library.
  6. Gibson, C.A. and Tarrant, M. (2010). A 'conceptual models' approach to organisational resilience.
  7. Howard, J. D. and Longstaff, T. A. (1998). A common language for computer security incidents. Sandia Report: SAND98-8667, Sandia National Laboratories, http://www.cert.org/research/taxonomy 988667.pdf.
  8. Hutchins, E. M., Cloppert, M. J., and Amin, R. M. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research, 1:80.
  9. Lough, D. L. (2001). A taxonomy of computer attacks with applications to wireless networks. PhD thesis.
  10. MITRE. (2015) Common Attack Pattern Enumeration and Classification. http://capec.mitre.org/MITRE 2015. Computer Security. http://www.mitre.org/publicationk eywords/computer-security.
  11. NIST. (2012). Computer security incident handling guide. Technical report.
  12. SANS (2004). Global information assurance certification paper. Technical report.
  13. Simmons, C., Shiva, S., Dasgupta, D., and Wu, Q. (2009).
  14. AVOIDIT: A cyber attack taxonomy. University of Memphis, Technical Report CS-09-003.
  15. Ten, C.W., Manimaran, G., and Liu, C.-C. (2010). Cybersecurity for critical infrastructures: attack and defense modeling. Systems, Man and Cybernetics, Part A: Systems and Humans, IEEE Transactions on, 40(4):853-865.
  16. VERIS. (2015). Vocabulary for Event Recording and Incident Sharing. http://veriscommunity.net/

Paper Citation

in Harvard Style

Happa J., Fairclough G., Nurse J., Agrafiotis I., Goldsmith M. and Creese S. (2016). A Pragmatic System-failure Assessment and Response Model . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 503-508. DOI: 10.5220/0005795105030508

in Bibtex Style

author={Jassim Happa and Graham Fairclough and Jason R. C. Nurse and Ioannis Agrafiotis and Michael Goldsmith and Sadie Creese},
title={A Pragmatic System-failure Assessment and Response Model},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},

in EndNote Style

JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - A Pragmatic System-failure Assessment and Response Model
SN - 978-989-758-167-0
AU - Happa J.
AU - Fairclough G.
AU - Nurse J.
AU - Agrafiotis I.
AU - Goldsmith M.
AU - Creese S.
PY - 2016
SP - 503
EP - 508
DO - 10.5220/0005795105030508