Addressing the Need for Independence in the CSE Model

Abercrombie, Robert K; Ferragut, Erik M; Sheldon, Frederick T; Grimaila, Michael R

Title: Addressing the Need for Independence in the CSE Model

Conference · Sat Jan 01 00:00:00 EST 2011

OSTI ID:1019334

Abercrombie, Robert K ^[1]; Ferragut, Erik M ^[1]; Sheldon, Frederick T ^[1]; Grimaila, Michael R ^[1]

ORNL

Abstract Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. Risk assessment is the widely accepted process used to understand, quantify, and document the effects of undesirable events on organizational objectives so that risk management, continuity of operations planning, and contingency planning can be performed. One technique, the Cyberspace Security Econometrics System (CSES), is a methodology for estimating security costs to stakeholders as a function of possible risk postures. In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain, as a result of security breakdowns. Additional work has applied CSES to specific business cases. The current state-of-the-art of CSES addresses independent events. In typical usage, analysts create matrices that capture their expert opinion, and then use those matrices to quantify costs to stakeholders. This expansion generalizes CSES to the common real-world case where events may be dependent.

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Cite

Export

Save

Research Organization:: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: DE-AC05-00OR22725

OSTI ID:: 1019334

Resource Relation:: Conference: 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS 2011) - Symposium Series on Computational Intelligence (IEEE SSCI 2011), Paris, France, 20110411, 20110415

Country of Publication:: United States

Language:: English

Similar Records

A Systematic Comprehensive Computational Model for Stake Estimation in Mission Assurance: Applying Cyber Security Econometrics System (CSES) to Mission Assurance Analysis Protocol (MAAP)

Conference · Fri Jan 01 00:00:00 EST 2010 · OSTI ID:1019334

Abercrombie, Robert K; Sheldon, Frederick T; Grimaila, Michael R

Failure Impact Analysis of Key Management in AMI Using Cybernomic Situational Assessment (CSA)

Conference · Tue Jan 01 00:00:00 EST 2013 · OSTI ID:1019334

Abercrombie, Robert K; Sheldon, Frederick T; Hauser, Katie R; +2 more

Risk Assessment Methodology Based on the NISTIR 7628 Guidelines

Conference · Tue Jan 01 00:00:00 EST 2013 · OSTI ID:1019334

Abercrombie, Robert K; Sheldon, Frederick T; Hauser, Katie R; +2 more

Related Subjects

99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE
BUSINESS
COMPUTERS
ECONOMETRICS
INFORMATION SYSTEMS
MANAGEMENT
MATRICES
PLANNING
PROBABILITY
RISK ASSESSMENT
SECURITY
Information Security
Cybersecurity Metrics
Risk Analysis
Risk Management
Stakeholder Value
Information Assurance Controls
Migitation Costs
Algorithms

Title: Addressing the Need for Independence in the CSE Model

Citation Formats

Similar Records

Related Subjects