A 10-Layer Model for Service Availability Risk Management

Jan Evang; Jan Evang

doi:10.5220/0012092600003555

A 10-Layer Model for Service Availability Risk Management

Jan Evang, Jan Evang

2023

Abstract

Effective management of service availability risk is a critical aspect of Network Operations Centers (NOCs) as network uptime is a key performance indicator. However, commonly used risk classification systems such as ISO27001:2013, NIST CSF, and NIST 800-53 often do not prioritize network availability, resulting in the potential oversight of certain risks and ambiguous classifications. This paper presents a comprehensive examination of network availability risk and proposes a 10-layer model that aligns closely with the operational framework of NOCs. The 10-layer model encompasses hardware risk, risks across various network layers, as well as external risks such as cloud, human errors, and political governance. By adopting this model, critical risks are less likely to be overlooked, and the NOC’s risk management process is streamlined. The paper outlines each layer of the model, provides illustrative examples of related risks and outages, and presents the successful evaluation of the model on two real-life networks, where all risks were identified and appropriately classified.

Download

Paper Citation

in Harvard Style

Evang J. (2023). A 10-Layer Model for Service Availability Risk Management. In Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-666-8, SciTePress, pages 716-723. DOI: 10.5220/0012092600003555

in Bibtex Style

@conference{secrypt23,
author={Jan Evang},
title={A 10-Layer Model for Service Availability Risk Management},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2023},
pages={716-723},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012092600003555},
isbn={978-989-758-666-8},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - A 10-Layer Model for Service Availability Risk Management
SN - 978-989-758-666-8
AU - Evang J.
PY - 2023
SP - 716
EP - 723
DO - 10.5220/0012092600003555
PB - SciTePress