Synopsis of evaluating security controls based on key performance indicators and stakeholder mission value

Authors

Robert K. Abercrombie, Oak Ridge National Laboratory
Frederick T. Sheldon, Oak Ridge National Laboratory
Ali Mill, Ying Wu College of Computing

Document Type

Conference Proceeding

Publication Date

12-1-2008

Abstract

Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with the goal of improved enterprise and business risk management. Economic uncertainty, intensively collaborative work styles, virualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation of a balanced approach. The Cyberspace Security Econometrics System (CSES) provides a measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. For a given stakeholder, CSES reflects the variance that may exist among the stakes one attaches to meeting each requirement. This paper summarizes the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural underpinnings.

Identifier

58449124956 (Scopus)

ISBN

[9780769534824]

Publication Title

Proceedings of IEEE International Symposium on High Assurance Systems Engineering

External Full Text Location

https://doi.org/10.1109/HASE.2008.61

ISSN

15302059

First Page

479

Last Page

482

Recommended Citation

Abercrombie, Robert K.; Sheldon, Frederick T.; and Mill, Ali, "Synopsis of evaluating security controls based on key performance indicators and stakeholder mission value" (2008). Faculty Publications. 12510.
https://digitalcommons.njit.edu/fac_pubs/12510