Defining and computing a value based cyber-security measure

Anis Ben Aissa, Robert K. Abercrombie, Frederick T. Sheldon, Ali Mili

Research output: Contribution to journalArticlepeer-review

17 Scopus citations


In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

Original languageEnglish (US)
Pages (from-to)433-453
Number of pages21
JournalInformation Systems and e-Business Management
Issue number4
StatePublished - Dec 2012

All Science Journal Classification (ASJC) codes

  • Information Systems


  • Algorithms
  • Cyber security metrics
  • Design
  • Economics
  • Experimentation
  • Information security
  • Measurement
  • Performance
  • Reliability
  • Risk management
  • Security
  • Theory
  • Verification


Dive into the research topics of 'Defining and computing a value based cyber-security measure'. Together they form a unique fingerprint.

Cite this