Issue No.06 - November/December (2011 vol.9)
Simson L. Garfinkel , Naval Postgraduate School
George Dinolt , Naval Postgraduate School
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.149
Modern systems aren't designed to support some ongoing operations after their security has been compromised. Using Sterbenz's ResiliNets (resilient networks) model for describing the tasks of managing a system that might be attacked, the authors discuss five strategies for operating in a degraded security environment: ignorance is bliss (no recovery); response and recovery (no remediation, diagnosis, or refinement); isolate and treat (remediation, followed by recovery); in situ analysis (covert monitoring); and battleshort: hunker down and live with it.
Insecurity, degraded security, ResiliNets, battleshort, DoD Instruction 8500.2
Simson L. Garfinkel, George Dinolt, "Operations with Degraded Security", IEEE Security & Privacy, vol.9, no. 6, pp. 43-48, November/December 2011, doi:10.1109/MSP.2011.149