TY - GEN
T1 - Methodology for evaluating security controls based on key performance indicators and stakeholder mission
AU - Sheldon, Frederick T.
AU - Abercrombie, Robert K.
AU - Mili, Ali
PY - 2009
Y1 - 2009
N2 - Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation. This paper proposes a Cyberspace Security Econometrics System (CSES) that provides a measure (i.e., a quantitative indication) of reliability, performance and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. For a given stakeholder, CSES accounts for the variance that may exist among the stakes one attaches to meeting each requirement. This paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural and mathematical underpinnings.
UR - http://www.scopus.com/inward/record.url?scp=58449091750&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=58449091750&partnerID=8YFLogxK
U2 - 10.1109/HICSS.2009.308
DO - 10.1109/HICSS.2009.308
M3 - Conference contribution
AN - SCOPUS:58449091750
SN - 9780769534503
T3 - Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS
BT - Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS
T2 - 42nd Annual Hawaii International Conference on System Sciences, HICSS
Y2 - 5 January 2009 through 9 January 2009
ER -