TY - GEN
T1 - Defining and computing a value based cyber-security measure
AU - Aissa, Anis Ben
AU - Abercrombie, Robert K.
AU - Sheldon, Frederick T.
AU - Mili, Ali
PY - 2011
Y1 - 2011
N2 - In past work[1,3,4], we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities\; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper we discuss the specification and design of a system that collects, updates and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.
AB - In past work[1,3,4], we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities\; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper we discuss the specification and design of a system that collects, updates and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.
KW - Cyber security metrics
KW - Information security
KW - Risk management
UR - http://www.scopus.com/inward/record.url?scp=84857970380&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84857970380&partnerID=8YFLogxK
U2 - 10.1145/2107556.2107561
DO - 10.1145/2107556.2107561
M3 - Conference contribution
AN - SCOPUS:84857970380
SN - 9781450307932
T3 - Proceedings of the 2nd Kuwait Conference on e-Services and e-Systems, KCESS'11
BT - Proceedings of the 2nd Kuwait Conference on e-Services and e-Systems, KCESS'11
T2 - 2nd Kuwait Conference on e-Services and e-Systems, KCESS'11
Y2 - 5 April 2011 through 7 April 2011
ER -