skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Cyber threat metrics.

Abstract

Threats are generally much easier to list than to describe, and much easier to describe than to measure. As a result, many organizations list threats. Fewer describe them in useful terms, and still fewer measure them in meaningful ways. This is particularly true in the dynamic and nebulous domain of cyber threats - a domain that tends to resist easy measurement and, in some cases, appears to defy any measurement. We believe the problem is tractable. In this report we describe threat metrics and models for characterizing threats consistently and unambiguously. The purpose of this report is to support the Operational Threat Assessment (OTA) phase of risk and vulnerability assessment. To this end, we focus on the task of characterizing cyber threats using consistent threat metrics and models. In particular, we address threat metrics and models for describing malicious cyber threats to US FCEB agencies and systems.

Authors:
; ; ; ; ; ;
Publication Date:
Research Org.:
Sandia National Laboratories
Sponsoring Org.:
USDOE
OSTI Identifier:
1039394
Report Number(s):
SAND2012-2427
TRN: US201209%%543
DOE Contract Number:  
AC04-94AL85000
Resource Type:
Technical Report
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; METRICS; VULNERABILITY; COMPUTERS; SECURITY

Citation Formats

Frye, Jason Neal, Veitch, Cynthia K., Mateski, Mark Elliot, Michalski, John T., Harris, James Mark, Trevino, Cassandra M., and Maruoka, Scott. Cyber threat metrics.. United States: N. p., 2012. Web. doi:10.2172/1039394.
Frye, Jason Neal, Veitch, Cynthia K., Mateski, Mark Elliot, Michalski, John T., Harris, James Mark, Trevino, Cassandra M., & Maruoka, Scott. Cyber threat metrics.. United States. doi:10.2172/1039394.
Frye, Jason Neal, Veitch, Cynthia K., Mateski, Mark Elliot, Michalski, John T., Harris, James Mark, Trevino, Cassandra M., and Maruoka, Scott. Thu . "Cyber threat metrics.". United States. doi:10.2172/1039394. https://www.osti.gov/servlets/purl/1039394.
@article{osti_1039394,
title = {Cyber threat metrics.},
author = {Frye, Jason Neal and Veitch, Cynthia K. and Mateski, Mark Elliot and Michalski, John T. and Harris, James Mark and Trevino, Cassandra M. and Maruoka, Scott},
abstractNote = {Threats are generally much easier to list than to describe, and much easier to describe than to measure. As a result, many organizations list threats. Fewer describe them in useful terms, and still fewer measure them in meaningful ways. This is particularly true in the dynamic and nebulous domain of cyber threats - a domain that tends to resist easy measurement and, in some cases, appears to defy any measurement. We believe the problem is tractable. In this report we describe threat metrics and models for characterizing threats consistently and unambiguously. The purpose of this report is to support the Operational Threat Assessment (OTA) phase of risk and vulnerability assessment. To this end, we focus on the task of characterizing cyber threats using consistent threat metrics and models. In particular, we address threat metrics and models for describing malicious cyber threats to US FCEB agencies and systems.},
doi = {10.2172/1039394},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Thu Mar 01 00:00:00 EST 2012},
month = {Thu Mar 01 00:00:00 EST 2012}
}

Technical Report:

Save / Share: