Defining and computing a value based cyber-security measure

Authors

Anis Ben Aissa, Université de Tunis El Manar, Faculté des Sciences de Tunis
Robert K. Abercrombie, Oak Ridge National Laboratory
Frederick T. Sheldon, Oak Ridge National Laboratory
Ali Mili, Ying Wu College of Computing

Document Type

Article

Publication Date

12-1-2012

Abstract

In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions. © 2011 Springer-Verlag.

Identifier

84870389187 (Scopus)

Publication Title

Information Systems and E Business Management

External Full Text Location

https://doi.org/10.1007/s10257-011-0177-1

e-ISSN

16179854

ISSN

16179846

First Page

433

Last Page

453

Issue

4

Volume

10

Recommended Citation

Aissa, Anis Ben; Abercrombie, Robert K.; Sheldon, Frederick T.; and Mili, Ali, "Defining and computing a value based cyber-security measure" (2012). Faculty Publications. 17982.
https://digitalcommons.njit.edu/fac_pubs/17982