Defining and computing a value based cyber-security measure

Authors:
Anis Ben Aissa;Robert K. Abercrombie;Frederick T. Sheldon;Ali Mili
Affiliations:
Faculty of Sciences of Tunisia, University of Tunis El Manar, Tunis, Tunisia 2092;Oak Ridge National Laboratory, Oak Ridge, USA 37831;Oak Ridge National Laboratory, Oak Ridge, USA 37831;College of Computing Sciences, New Jersey Institute of Technology, Newark, USA 07102-1982
Venue:
Information Systems and e-Business Management
Year:
2012

Citing 3
Cited 0

Acme: architectural description of component-based systems

Foundations of component-based systems
Autonomic Computing and Networking

Autonomic Computing and Networking
Analysis of Stakeholder/Value Dependency Patterns and Process Implications: A Controlled Experiment

HICSS '10 Proceedings of the 2010 43rd Hawaii International Conference on System Sciences

Quantified Score

Hi-index	0.00

Visualization

Abstract

In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.