Addressing the Need for Independence in the CSE Model

Abercrombie, Robert K; Ferragut, Erik M; Sheldon, Frederick T; Grimaila, Michael R

Addressing the Need for Independence in the CSE Model

Conference · Sat Jan 01 04:00:00 EST 2011

OSTI ID:1019334

Abercrombie, Robert K ^[1]; Ferragut, Erik M ^[1]; Sheldon, Frederick T ^[1]; Grimaila, Michael R ^[1]

ORNL

Abstract Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. Risk assessment is the widely accepted process used to understand, quantify, and document the effects of undesirable events on organizational objectives so that risk management, continuity of operations planning, and contingency planning can be performed. One technique, the Cyberspace Security Econometrics System (CSES), is a methodology for estimating security costs to stakeholders as a function of possible risk postures. In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain, as a result of security breakdowns. Additional work has applied CSES to specific business cases. The current state-of-the-art of CSES addresses independent events. In typical usage, analysts create matrices that capture their expert opinion, and then use those matrices to quantify costs to stakeholders. This expansion generalizes CSES to the common real-world case where events may be dependent.

🛈

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Research Organization:: Oak Ridge National Laboratory (ORNL)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-00OR22725

OSTI ID:: 1019334

Country of Publication:: United States

Language:: English

Similar Records

A Systematic Comprehensive Computational Model for Stake Estimation in Mission Assurance: Applying Cyber Security Econometrics System (CSES) to Mission Assurance Analysis Protocol (MAAP)

Conference · Thu Dec 31 23:00:00 EST 2009 · OSTI ID:986416

Risk Assessment Methodology Based on the NISTIR 7628 Guidelines

Conference · Mon Dec 31 23:00:00 EST 2012 · OSTI ID:1072138

Cyberspace Security Econometrics System (CSES) - U.S. Copyright TXu 1-901-039

Book · Tue Dec 31 23:00:00 EST 2013 · OSTI ID:1143596

Related Subjects

99 GENERAL AND MISCELLANEOUS
Algorithms
BUSINESS
COMPUTERS
Cybersecurity Metrics
ECONOMETRICS
INFORMATION SYSTEMS
Information Assurance Controls
Information Security
MANAGEMENT
MATRICES
Migitation Costs
PLANNING
PROBABILITY
RISK ASSESSMENT
Risk Analysis
Risk Management
SECURITY
Stakeholder Value

Addressing the Need for Independence in the CSE Model

Citation Formats

Similar Records

Related Subjects