Defining and computing a value based cyber-security measure

Authors:
Anis Ben Aissa;Robert K. Abercrombie;Frederick T. Sheldon;Ali Mili
Affiliations:
University of Tunis El Manar, Tunisia;Oak Ridge National Laboratory, Oak Ridge, TN;Oak Ridge National Laboratory, Oak Ridge, TN;New Jersey Institute of Technology, Newark NJ
Venue:
Proceedings of the Second Kuwait Conference on e-Services and e-Systems
Year:
2011

Citing 4
Cited 0

Synopsis of Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission Value

HASE '08 Proceedings of the 2008 11th IEEE High Assurance Systems Engineering Symposium
Methodology for Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

HICSS '09 Proceedings of the 42nd Hawaii International Conference on System Sciences
Analysis of Stakeholder/Value Dependency Patterns and Process Implications: A Controlled Experiment

HICSS '10 Proceedings of the 2010 43rd Hawaii International Conference on System Sciences
Quantifying security threats and their potential impacts: a case study

Innovations in Systems and Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

In past work[1,3,4], we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities\; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper we discuss the specification and design of a system that collects, updates and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.