Defining and computing a value based cyber-security measure |
| |
Authors: | Anis Ben Aissa Robert K Abercrombie Frederick T Sheldon Ali Mili |
| |
Affiliation: | 1. Faculty of Sciences of Tunisia, University of Tunis El Manar, Tunis, 2092, Tunisia 2. Oak Ridge National Laboratory, Oak Ridge, TN, 37831, USA 3. College of Computing Sciences, New Jersey Institute of Technology, Newark, NJ, 07102-1982, USA
|
| |
Abstract: | In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|