Capability effectiveness testing for architectural resiliency in financial systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Increasing interconnectivity in financial institutions and markets, along with complex, interdependent architectures, presents unique enterprise risks. While technological advances continuously improve the reliability and trustworthiness of individual technological system components, the complex, collaborative architectures relied on by most financial organizations present substantial challenges that span technology, personnel, and process dimensions. As systems and threat environments grow in sophistication, approaches to security testing and evaluation must evolve as well. Traditional approaches to cyber security testing may still be useful to evaluate basic architectural components; however, new techniques are needed to enable the enterprise to construct simulation exercises that model real-world threat conditions and test the resiliency of all architectural components, including personnel and process dimensions. Organizations must not only establish capabilities to recognize breach attempts, but also take decisive response action under conditions of uncertainty and stress. Techniques to evaluate resilient enterprise architectures sometimes underemphasize the threats surrounding human dimensions. This paper examines emerging risk considerations presented by increased connectivity among financial services enterprises. It explores new requirements for testing and evaluation of enterprise resiliency as well as organizational detection and response capabilities. The paper considers industry and other external environmental factors driving the need to develop comprehensive evaluation approaches to evaluate the effectiveness of enterprise capabilities in order to embed capability effectiveness assessments within enterprise risk management practices.
Limitations of current cyber testing approaches in simulating the emerging cyber threat environment are identified, and the value of realistic, time-bound drills and tests that mimic the stress of real-world cyber events is explored.

Original language: English (US)
Title of host publication: PICMET 2017 - Portland International Conference on Management of Engineering and Technology
Subtitle of host publication: Technology Management for the Interconnected World, Proceedings
Editors: Timothy R. Anderson, Kiyoshi Niwa, Dundar F. Kocaoglu, Tugrul U. Daim, Dilek Cetindamar Kozanoglu, Gary Perman, Harm-Jan Steenhuis
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-7
Number of pages: 7
ISBN (Electronic): 9781890843366
DOI: https://doi.org/10.23919/PICMET.2017.8125456
State: Published - Nov 29 2017
Event: 2017 Portland International Conference on Management of Engineering and Technology, PICMET 2017 - Portland, United States
Duration: Jul 9 2017 to Jul 13 2017

Publication series

Name: PICMET 2017 - Portland International Conference on Management of Engineering and Technology: Technology Management for the Interconnected World, Proceedings
Volume: 2017-January

Other

Other: 2017 Portland International Conference on Management of Engineering and Technology, PICMET 2017
Country: United States
City: Portland
Period: 7/9/17 to 7/13/17

All Science Journal Classification (ASJC) codes

  • Decision Sciences (miscellaneous)
  • Education
  • Engineering (miscellaneous)
  • Law
  • Management of Technology and Innovation
  • Strategy and Management
  • Management Science and Operations Research

Cite this

Rohmeyer, P., Ben-Zvi, T., Lombardi, D., & Maltz, A. (2017). Capability effectiveness testing for architectural resiliency in financial systems. In T. R. Anderson, K. Niwa, D. F. Kocaoglu, T. U. Daim, D. C. Kozanoglu, G. Perman, & H-J. Steenhuis (Eds.), PICMET 2017 - Portland International Conference on Management of Engineering and Technology: Technology Management for the Interconnected World, Proceedings (pp. 1-7). (PICMET 2017 - Portland International Conference on Management of Engineering and Technology: Technology Management for the Interconnected World, Proceedings; Vol. 2017-January). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.23919/PICMET.2017.8125456