TY - GEN
T1 - Managing complex IT security processes with value based measures
AU - Abercrombie, Robert K.
AU - Sheldon, Frederick T.
AU - Mili, Ali
PY - 2009
Y1 - 2009
N2 - Current trends indicate that IT security measures will need to greatly expand to counter the ever increasingly sophisticated, well-funded and/or economically motivated threat space. Traditional risk management approaches provide an effective method for guiding courses of action for assessment, and mitigation investments. However, such approaches no matter how popular demand very detailed knowledge about the IT security domain and the enterprise/cyber architectural context. Typically, the critical nature and/or high stakes require careful consideration and adaptation of a balanced approach that provides reliable and consistent methods for rating vulnerabilities. As reported in earlier works, the Cyberspace Security Econometrics System provides a comprehensive measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. This paper advocates a dependability measure that acknowledges the aggregate structure of complex system specifications, and accounts for variations by stakeholder, by specification components, and by verification and validation impact.
AB - Current trends indicate that IT security measures will need to greatly expand to counter the ever increasingly sophisticated, well-funded and/or economically motivated threat space. Traditional risk management approaches provide an effective method for guiding courses of action for assessment, and mitigation investments. However, such approaches no matter how popular demand very detailed knowledge about the IT security domain and the enterprise/cyber architectural context. Typically, the critical nature and/or high stakes require careful consideration and adaptation of a balanced approach that provides reliable and consistent methods for rating vulnerabilities. As reported in earlier works, the Cyberspace Security Econometrics System provides a comprehensive measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. This paper advocates a dependability measure that acknowledges the aggregate structure of complex system specifications, and accounts for variations by stakeholder, by specification components, and by verification and validation impact.
UR - http://www.scopus.com/inward/record.url?scp=67650466349&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=67650466349&partnerID=8YFLogxK
U2 - 10.1109/CICYBS.2009.4925092
DO - 10.1109/CICYBS.2009.4925092
M3 - Conference contribution
AN - SCOPUS:67650466349
SN - 9781424427697
T3 - 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 - Proceedings
SP - 69
EP - 75
BT - 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 - Proceedings
PB - IEEE Computer Society
T2 - 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009
Y2 - 30 March 2009 through 2 April 2009
ER -