Forecasting Cyber Maintenance Costs with Improved Scan Analytics Using Simulation
Published in 2018 Winter Simulation Conference, 2018
Abstract: This article proposes a discrete event simulation model of an organization that maintains computer hosts and incurs several millions of dollars in maintenance and incident response costs. The common maintenance policy is referred to as “out-of-sight is out-of-mind” (OSOM) because the majority of hosts are absent from scans and ignored. Hosts are “dark” (absent) because they are not accessible (turned off or with restricted permissions). The proposed model is used to compare OSOM with alternatives including improved analytics that make dark host vulnerabilities visible. Findings clarify the apparent benefits of OSOM unless indirect costs for intrusions or improved policies are applied. Also, benefits from using Windows operating systems and improved policies are clarified including millions in expected savings (vs. Linux).
Recommended citation: ‘Allen, T. T., & Liu, E. (2018, December). "Forecasting cyber maintenance costs with improved scan analytics using simulation." In Proceedings of the 2019 Winter Simulation Conference, IEEE. 1218-1225.’