Defining and computing a value based cyber-security measure

Anis Ben Aissa; Robert K. Abercrombie; Frederick T. Sheldon; Ali Mili

doi:10.1007/s10257-011-0177-1

Defining and computing a value based cyber-security measure

Anis Ben Aissa, Robert K. Abercrombie, Frederick T. Sheldon, Ali Mili

Research output: Contribution to journal › Article › peer-review

17 Scopus citations

Abstract

In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

Original language	English (US)
Pages (from-to)	433-453
Number of pages	21
Journal	Information Systems and e-Business Management
Volume	10
Issue number	4
DOIs	https://doi.org/10.1007/s10257-011-0177-1
State	Published - Dec 2012

All Science Journal Classification (ASJC) codes

Information Systems

Keywords

Algorithms
Cyber security metrics
Design
Economics
Experimentation
Information security
Measurement
Performance
Reliability
Risk management
Security
Theory
Verification

Access to Document

10.1007/s10257-011-0177-1

Cite this

@article{38581317ca384500991ed457debb9322,

title = "Defining and computing a value based cyber-security measure",

abstract = "In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.",

keywords = "Algorithms, Cyber security metrics, Design, Economics, Experimentation, Information security, Measurement, Performance, Reliability, Risk management, Security, Theory, Verification",

author = "Aissa, {Anis Ben} and Abercrombie, {Robert K.} and Sheldon, {Frederick T.} and Ali Mili",

year = "2012",

month = dec,

doi = "10.1007/s10257-011-0177-1",

language = "English (US)",

volume = "10",

pages = "433--453",

journal = "Information Systems and e-Business Management",

issn = "1617-9846",

publisher = "Springer Verlag",

number = "4",

}

TY - JOUR

T1 - Defining and computing a value based cyber-security measure

AU - Aissa, Anis Ben

AU - Abercrombie, Robert K.

AU - Sheldon, Frederick T.

AU - Mili, Ali

PY - 2012/12

Y1 - 2012/12

N2 - In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

AB - In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

KW - Algorithms

KW - Cyber security metrics

KW - Design

KW - Economics

KW - Experimentation

KW - Information security

KW - Measurement

KW - Performance

KW - Reliability

KW - Risk management

KW - Security

KW - Theory

KW - Verification

UR - http://www.scopus.com/inward/record.url?scp=84870389187&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84870389187&partnerID=8YFLogxK

U2 - 10.1007/s10257-011-0177-1

DO - 10.1007/s10257-011-0177-1

M3 - Article

AN - SCOPUS:84870389187

SN - 1617-9846

VL - 10

SP - 433

EP - 453

JO - Information Systems and e-Business Management

JF - Information Systems and e-Business Management

IS - 4

ER -

Defining and computing a value based cyber-security measure

Abstract

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this