“…Ultimately, the adversary may reach the asset base of the defender. In terms of cyber risk, assets go through four different stages (Jalili et al, 2019;Sepulveda Estay, 2021;Zeijlemaker, 2022): (1) susceptible assets that are compromised by the adversary become an unknown compromised asset, (2) after detection, unknown compromised assets become known compromised assets, (3) responsive actions by the defender mitigate the effects of the attack and become resolved assets, and (4) resolved assets are packed in production as susceptible assets. In this sequence, isolation is important for limiting adversary activities (Torres, 2014) because unknown compromised assets can compromise more susceptible assets due to lateral movement or automated epidemic malware properties (e.g., worms).…”