Defining and computing a value based cyber-security measure

Authors

Anis Ben Aissa, Université de Tunis
Robert K. Abercrombie, Oak Ridge National Laboratory
Frederick T. Sheldon, Oak Ridge National Laboratory
Ali Mili, Ying Wu College of Computing

Document Type

Conference Proceeding

Publication Date

12-1-2011

Abstract

In past work[1,3,4], we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities\; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper we discuss the specification and design of a system that collects, updates and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions. © 2011 ACM.

Identifier

84857970380 (Scopus)

ISBN

[9781450307932]

Publication Title

Proceedings of the 2nd Kuwait Conference on E Services and E Systems Kcess 11

External Full Text Location

https://doi.org/10.1145/2107556.2107561

Recommended Citation

Aissa, Anis Ben; Abercrombie, Robert K.; Sheldon, Frederick T.; and Mili, Ali, "Defining and computing a value based cyber-security measure" (2011). Faculty Publications. 11066.
https://digitalcommons.njit.edu/fac_pubs/11066