HASE '08 Proceedings of the 2008 11th IEEE High Assurance Systems Engineering Symposium
HICSS '09 Proceedings of the 42nd Hawaii International Conference on System Sciences
Analysis of Stakeholder/Value Dependency Patterns and Process Implications: A Controlled Experiment
HICSS '10 Proceedings of the 2010 43rd Hawaii International Conference on System Sciences
Quantifying security threats and their potential impacts: a case study
Innovations in Systems and Software Engineering
Hi-index | 0.00 |
In past work[1,3,4], we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities\; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper we discuss the specification and design of a system that collects, updates and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.