Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems
- ORNL
- University of Memphis
There are many influencing economic factors to weigh from the defender-practitioner stakeholder point-of-view that involve cost combined with development/deployment models. Some examples include the cost of countermeasures themselves, the cost of training and the cost of maintenance. Meanwhile, we must better anticipate the total cost from a compromise. The return on investment in countermeasures is essentially impact costs (i.e., the costs from violating availability, integrity and confidentiality / privacy requirements). The natural question arises about choosing the main risks that must be mitigated/controlled and monitored in deciding where to focus security investments. To answer this question, we have investigated the cost/benefits to the attacker/defender to better estimate risk exposure. In doing so, it s important to develop a sound basis for estimating the factors that derive risk exposure, such as likelihood that a threat will emerge and whether it will be thwarted. This impact assessment framework can provide key information for ranking cybersecurity threats and managing risk.
- Research Organization:
- Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization:
- Work for Others (WFO)
- DOE Contract Number:
- DE-AC05-00OR22725
- OSTI ID:
- 1185966
- Resource Relation:
- Conference: 10th Annual Cyber and Information Security Research (CISR) Conference, Oak Ridge, TN, USA, 20150407, 20150409
- Country of Publication:
- United States
- Language:
- English
Similar Records
Building Stakeholder Trust: Defensible Government Decisions - 13110
Cybersecurity for Electric Vehicle Charging Infrastructure