Striking the Balance: Measuring and Managing the Complexity of Cyber Environments
• Presentation
Publisher
Software Engineering Institute
Abstract
This presentation was given at FloCon 2023, an annual conference that focuses on applying any and all collected data to defend enterprise networks.
Given the continuous flux of cyber environments, and of the tactics and techniques of threat actors, organizations struggle to make timely risk-based decisions in the selection of control strategies. Some controls can inhibit the performance of an organization by adding complexity to the environment (e.g., new training needed, configuration challenges, and technical debt).
This presentation proposes and explores a novel means to measure cyber environment complexity. By measuring the complexity of any given network, organizations can gain an appreciation for the benefits and challenges each layer of defense adds to a security stack. This presentation will define "Cyber Complexity" in terms of technical debt, interfaces, and organizational capability. Each of these elements will also be decomposed and examined for possible means of quantification. The audience will gain a better appreciation for risk-based decisions and the demonstrable need for better measurement of cyber environments to drive those decisions.
Attendees will learn about a new approach to quantifying complexity in a cyber environment and how to use those measurements to make better risk-informed decisions.
Part of a Collection
FloCon 2023 Assets
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.