HASE '08 Proceedings of the 2008 11th IEEE High Assurance Systems Engineering Symposium
HICSS '09 Proceedings of the 42nd Hawaii International Conference on System Sciences
Analysis of Stakeholder/Value Dependency Patterns and Process Implications: A Controlled Experiment
HICSS '10 Proceedings of the 2010 43rd Hawaii International Conference on System Sciences
Quantifying security threats and their potential impacts: a case study
Innovations in Systems and Software Engineering
| Hi-index | 0.00 |
In an earlier series of works, Boehm et al. discuss the nature of information system dependability and highlight the variability of system dependability according to stakeholders. In a recent paper, the dependency patterns of this model are analyzed. In our recent works, we presented a stakeholder dependent quantitative security model, where we quantify security for a given stakeholder by the mean of the loss incurred by the stakeholder as a result of security threats. We show how this mean can be derived from the security threat configuration (represented as a vector of probabilities that reflect the likelihood of occurrence of the various security threats). We refer to our security metric as MFC, for Mean Failure Cost. In this paper, we analyze Boehm's model from the standpoint of the proposed metric, and show whether, to what extent, and how our metric addresses the issues raised by Boehm's Stakeholder/Value definition of system dependability.