In the dynamic cyber threat landscape, effective decision-making under uncertainty is crucial for maintaining robust information security. This paper introduces the Cyber Resilience Index (CRI), a TTP-based probabilistic approach to quantifying an organisation's defence effectiveness against cyber-attacks (campaigns). Building upon the Threat-Intelligence Based Security Assessment (TIBSA) methodology, we present a mathematical model that translates complex threat intelligence into an actionable, unified metric, similar to a stock market index, which executives can understand and interact with and which teams can act upon. Our method leverages Partially Observable Markov Decision Processes (POMDPs) to simulate attacker behaviour while accounting for real-world uncertainties and the latest threat actor tactics, techniques, and procedures (TTPs). This allows for a dynamic, context-aware evaluation of an organisation's security posture, moving beyond static compliance-based assessments. As a result, decision-makers are equipped with a single metric of cyber resilience that bridges the gap between quantitative and qualitative assessments, enabling data-driven resource allocation and strategic planning. This can ultimately lead to more informed decision-making, mitigate under- or overspending, and assist in resource allocation.
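The abstract describes a POMDP in which the attacker's true campaign stage is hidden and the defender only sees noisy telemetry, and a resilience index derived from that model. The following is an added illustration of that idea, not the paper's CRI model or TIBSA method: the attack stages, transition probabilities under two hypothetical defender actions (`monitor`, `harden`), alert likelihoods and the stage weights used for the index are all constructed for the example. It performs the standard POMDP belief update and then scores the resulting belief as a 0-100 index so that the effect of a stronger control on the index is visible.

```python
"""Illustrative POMDP belief tracking over hidden attacker stages (constructed example)."""
from typing import Dict, List, Tuple

# Hidden states: where the attacker is in a campaign. Constructed for this example.
STATES = ["absent", "initial_access", "execution", "objective", "contained"]
ACTIONS = ["monitor", "harden"]
OBSERVATIONS = ["quiet", "alert"]

# Transition model T[action][state][next_state] (constructed probabilities).
# "harden" slows attacker progression and raises the chance of containment.
TRANSITIONS: Dict[str, Dict[str, Dict[str, float]]] = {
    "monitor": {
        "absent": {"absent": 0.8, "initial_access": 0.2},
        "initial_access": {"initial_access": 0.3, "execution": 0.6, "contained": 0.1},
        "execution": {"execution": 0.3, "objective": 0.6, "contained": 0.1},
        "objective": {"objective": 1.0},
        "contained": {"contained": 1.0},
    },
    "harden": {
        "absent": {"absent": 0.9, "initial_access": 0.1},
        "initial_access": {"initial_access": 0.4, "execution": 0.3, "contained": 0.3},
        "execution": {"execution": 0.4, "objective": 0.3, "contained": 0.3},
        "objective": {"objective": 1.0},
        "contained": {"contained": 1.0},
    },
}

# Observation model: probability that telemetry raises an "alert" given the true state
# (constructed; later stages and containment actions are noisier/louder).
P_ALERT: Dict[str, float] = {
    "absent": 0.05, "initial_access": 0.4, "execution": 0.7,
    "objective": 0.8, "contained": 0.9,
}

# Stage weights for the index (constructed): 1.0 = fully resilient, 0.0 = objective reached.
INDEX_WEIGHTS: Dict[str, float] = {
    "absent": 1.0, "initial_access": 0.5, "execution": 0.25,
    "objective": 0.0, "contained": 1.0,
}


def observation_prob(obs: str, state: str) -> float:
    """P(obs | state) for the two-symbol telemetry model."""
    return P_ALERT[state] if obs == "alert" else 1.0 - P_ALERT[state]


def initial_belief() -> Dict[str, float]:
    """Start from the assumption that no campaign is under way."""
    return {s: (1.0 if s == "absent" else 0.0) for s in STATES}


def update_belief(belief: Dict[str, float], action: str, obs: str) -> Dict[str, float]:
    """Bayes filter step: b'(s') ∝ O(o|s') * Σ_s T(s'|s,a) b(s)."""
    predicted = {s: 0.0 for s in STATES}
    for s, p in belief.items():
        for s_next, t in TRANSITIONS[action][s].items():
            predicted[s_next] += p * t
    posterior = {s: observation_prob(obs, s) * predicted[s] for s in STATES}
    z = sum(posterior.values())
    if z == 0.0:
        raise ValueError("observation impossible under the model")
    return {s: v / z for s, v in posterior.items()}


def resilience_index(belief: Dict[str, float]) -> float:
    """Collapse the belief over stages into a single 0-100 score (constructed weighting)."""
    return 100.0 * sum(INDEX_WEIGHTS[s] * belief[s] for s in STATES)


def run_campaign(steps: List[Tuple[str, str]]) -> List[float]:
    """Feed a sequence of (defender action, observed telemetry) pairs; return the index per step."""
    belief = initial_belief()
    trace = []
    for action, obs in steps:
        belief = update_belief(belief, action, obs)
        trace.append(resilience_index(belief))
    return trace


if __name__ == "__main__":
    # Same noisy telemetry, two defender postures: the index reflects control effectiveness.
    telemetry = ["alert", "alert", "quiet"]
    for action in ACTIONS:
        print(action, [round(v, 1) for v in run_campaign([(action, o) for o in telemetry])])
```

Because the index is a function of the belief rather than of raw alert counts, two organisations receiving identical telemetry obtain different scores when their controls change the transition probabilities, which is the property the abstract attributes to a TTP-based probabilistic index as opposed to a static compliance checklist.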