Defining and computing a value based cyber-security measure

Anis Ben Aissa; Robert K. Abercrombie; Frederick T. Sheldon; Ali Mili

doi:10.1007/s10257-011-0177-1

Back

Defining and computing a value based cyber-security measure

Journal article

Peer reviewed

Defining and computing a value based cyber-security measure

Anis Ben Aissa, Robert K. Abercrombie, Frederick T. Sheldon and Ali Mili

Information systems and e-business management, Vol.10(4), pp.433-453

01/12/2012

DOI: https://doi.org/10.1007/s10257-011-0177-1

Abstract

Business

Business & Economics

Management

Social Sciences

In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

Metrics

1 Record Views

See more details

Details

Title: Defining and computing a value based cyber-security measure
Creators - without role: Anis Ben Aissa - Tunis El Manar University
Robert K. Abercrombie - Oak Ridge National Laboratory
Frederick T. Sheldon - Oak Ridge National Laboratory
Ali Mili - New Jersey Institute of Technology
Publication Details: Information systems and e-business management, Vol.10(4), pp.433-453
Publisher: Springer Nature
Number of pages: 21
Identifiers: 9913059208331
Academic Unit: Al Jouf University
Language: English
Resource Type: Journal article