CIIA: critical infrastructure impact assessment.

As adversaries continue to develop new attack techniques to undermine organizations' business goals, there is an increase necessity for defenders to understand how a cyber-incident can impact those goals, which has motivated research in mission impact assessment (MIA). This paper presents CIIA (Critical Infrastructure Impact Assessment), an integrated approach for understanding the mission impact of cyber-threats. CIIA was developed to offer a mission-oriented evaluation model to profile the organization, and, upon it, a simulation platform to simulate mission impact of a user-chosen exploited threat. Our experimental evaluation has shown CIIA is successful in generating a relevant report on mission impact for several organizational settings.