Defining and computing a value based cyber-security measure

Anis Ben Aissa, Robert K. Abercrombie, Frederick T. Sheldon, Ali Mili

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In past work[1,3,4], we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities\; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper we discuss the specification and design of a system that collects, updates and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

Original languageEnglish (US)
Title of host publicationProceedings of the 2nd Kuwait Conference on e-Services and e-Systems, KCESS'11
DOIs
StatePublished - 2011
Event2nd Kuwait Conference on e-Services and e-Systems, KCESS'11 - Kuwait City, Kuwait
Duration: Apr 5 2011Apr 7 2011

Publication series

NameProceedings of the 2nd Kuwait Conference on e-Services and e-Systems, KCESS'11

Other

Other2nd Kuwait Conference on e-Services and e-Systems, KCESS'11
CountryKuwait
CityKuwait City
Period4/5/114/7/11

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems

Keywords

  • Cyber security metrics
  • Information security
  • Risk management

Fingerprint Dive into the research topics of 'Defining and computing a value based cyber-security measure'. Together they form a unique fingerprint.

Cite this