Capability effectiveness testing for architectural resiliency in financial systems

Paul Rohmeyer, Tal Ben-Zvi, Donald Lombardi, Alan Maltz

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Increasing interconnectivity in financial institutions and markets along with complex, interdependent architectures present unique enterprise risks. While technological advances continuously improve the reliability and trustworthiness of individual technological system components, the complex, collaborative architectures relied on by most financial organizations present substantial challenges that span technology, personnel, and process dimensions. As systems and threat environments grow in sophistication, approaches to security testing and evaluation must evolve as well. Traditional approaches to cyber security testing may still be useful to evaluate basic architectural components; however, new techniques are needed to enable the enterprise to construct simulation exercises that model real-world threat conditions and test the resiliency of all architectural components, including personnel and process dimensions. Organizations must not only establish capabilities to recognize breach attempts, but take decisive response action under conditions of uncertainty and stress. Techniques to evaluate resilient enterprise architectures sometimes underemphasize the threats surrounding human dimensions. This paper examines emerging risk considerations presented by increased connectivity among financial services enterprises. It explores new requirements for testing and evaluation of enterprise resiliency as well as organizational detection and response capabilities. The paper considers industry and other external environmental factors driving the need to develop comprehensive evaluation approaches to evaluate the effectiveness of enterprise capabilities in order to embed capability effectiveness assessments within enterprise risk management practices. Limitations of current cyber testing approaches in simulating the emerging cyber threat environment are identified, and the value of realistic, time-bound drills and tests that mimic the stress of real-world cyber events is explored.

Original language: English
Title of host publication: PICMET 2017 - Portland International Conference on Management of Engineering and Technology
Subtitle of host publication: Technology Management for the Interconnected World, Proceedings
Editors: Timothy R. Anderson, Kiyoshi Niwa, Dundar F. Kocaoglu, Tugrul U. Daim, Dilek Cetindamar Kozanoglu, Gary Perman, Harm-Jan Steenhuis
Pages: 1-7
Number of pages: 7
ISBN (Electronic): 9781890843366
State: Published - 29 Nov 2017
Event: 2017 Portland International Conference on Management of Engineering and Technology, PICMET 2017 - Portland, United States
Duration: 9 Jul 2017 to 13 Jul 2017

Publication series

Name: PICMET 2017 - Portland International Conference on Management of Engineering and Technology: Technology Management for the Interconnected World, Proceedings
Volume: 2017-January

Conference

Conference: 2017 Portland International Conference on Management of Engineering and Technology, PICMET 2017
Country/Territory: United States
City: Portland
Period: 9/07/17 to 13/07/17
