TY - GEN
T1 - Modeling stakeholder/value dependency through mean failure cost
AU - Aissa, Anis Ben
AU - Abercrombie, Robert K.
AU - Sheldon, Frederick T.
AU - Mili, Ali
PY - 2010
Y1 - 2010
N2 - In an earlier series of works, Boehm et al. discuss the nature of information system dependability and highlight the variability of system dependability according to stakeholders. In a recent paper, the dependency patterns of this model are analyzed. In our recent works, we presented a stakeholder dependent quantitative security model, where we quantify security for a given stakeholder by the mean of the loss incurred by the stakeholder as a result of security threats. We show how this mean can be derived from the security threat configuration (represented as a vector of probabilities that reflect the likelihood of occurrence of the various security threats). We refer to our security metric as MFC, for Mean Failure Cost. In this paper, we analyze Boehm's model from the standpoint of the proposed metric, and show whether, to what extent, and how our metric addresses the issues raised by Boehm's Stakeholder/Value definition of system dependability.
AB - In an earlier series of works, Boehm et al. discuss the nature of information system dependability and highlight the variability of system dependability according to stakeholders. In a recent paper, the dependency patterns of this model are analyzed. In our recent works, we presented a stakeholder dependent quantitative security model, where we quantify security for a given stakeholder by the mean of the loss incurred by the stakeholder as a result of security threats. We show how this mean can be derived from the security threat configuration (represented as a vector of probabilities that reflect the likelihood of occurrence of the various security threats). We refer to our security metric as MFC, for Mean Failure Cost. In this paper, we analyze Boehm's model from the standpoint of the proposed metric, and show whether, to what extent, and how our metric addresses the issues raised by Boehm's Stakeholder/Value definition of system dependability.
KW - cyber security metrics
KW - information security
KW - risk management
UR - http://www.scopus.com/inward/record.url?scp=78349279998&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78349279998&partnerID=8YFLogxK
U2 - 10.1145/1852666.1852727
DO - 10.1145/1852666.1852727
M3 - Conference contribution
AN - SCOPUS:78349279998
SN - 9781450300179
T3 - ACM International Conference Proceeding Series
BT - 6th Annual Cyber Security and Information Intelligence Research Workshop
T2 - 6th Annual Cyber Security and Information Intelligence Research Workshop: Cyber Security and Information Intelligence Challenges and Strategies, CSIIRW10
Y2 - 21 April 2010 through 23 April 2010
ER -