Abstract
While failure of any node, like a desktop or a server, on a firm's information system is detrimental, simultaneous failure of multiple nodes can result in loss of business continuity. Therefore, business information systems are designed to have some resilience against node failures. Despite these measures, firms face significant loss in productivity when many nodes on their network fail simultaneously either due to a malicious attack that exploits software vulnerabilities or due to design errors. In this paper, we focus on risk of failure due to attacks that exploits known software vulnerabilities. Software vulnerabilities arise from software installed on the nodes of the network. When the same software stack is installed on multiple nodes on the network, software vulnerabilities are shared among them. These shared vulnerabilities when exploited can result in correlated failure of multiple nodes. In this paper, we propose a strategy for optimally allocating M software over N nodes, such that the risk of simultaneous failure is bounded from above by an appropriate threshold. The risk management tool that we are developing can be used in practice by IT managers to actively manage risk of correlated failure.
| Original language | English (US) |
|---|---|
| Title of host publication | WITS 2007 - Proceedings, 17th Annual Workshop on Information Technologies and Systems |
| Publisher | Social Science Research Network |
| Pages | 19-24 |
| Number of pages | 6 |
| State | Published - 2007 |
| Externally published | Yes |
| Event | 17th Workshop on Information Technologies and Systems, WITS 2007 - Montreal, QC, Canada Duration: Dec 8 2007 → Dec 9 2007 |
Other
| Other | 17th Workshop on Information Technologies and Systems, WITS 2007 |
|---|---|
| Country/Territory | Canada |
| City | Montreal, QC |
| Period | 12/8/07 → 12/9/07 |
ASJC Scopus subject areas
- Information Systems