Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

Sheldon, Frederick T; Abercrombie, Robert K; Mili, Ali

Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

Conference · Tue Jan 01 04:00:00 EST 2008

OSTI ID:943544

Sheldon, Frederick T ^[1]; Abercrombie, Robert K ^[1]; Mili, Ali ^[2]

ORNL
New Jersey Insitute of Technology

Good security metrics are required to make good decisions about how to design security countermeasures, to choose between alternative security architectures, and to improve security during operations. Therefore, in essence, measurement can be viewed as a decision aid. The lack of sound practical security metrics is severely hampering progress in the development of secure systems. The Cyberspace Security Econometrics System (CSES) offers the following advantages over traditional measurement systems: (1) CSES reflects the variances that exist amongst different stakeholders of the same system. Different stakeholders will typically attach different stakes to the same requirement or service (e.g., a service may be provided by an information technology system or process control system, etc.). (2) For a given stakeholder, CSES reflects the variance that may exist among the stakes she/he attaches to meeting each requirement. The same stakeholder may attach different stakes to satisfying different requirements within the overall system specification. (3) For a given compound specification (e.g., combination(s) of commercial off the shelf software and/or hardware), CSES reflects the variance that may exist amongst the levels of verification and validation (i.e., certification) performed on components of the specification. The certification activity may produce higher levels of assurance across different components of the specification than others. Consequently, this paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs and the basic structural and mathematical underpinnings.

🛈

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Research Organization:: Oak Ridge National Laboratory (ORNL)

Sponsoring Organization:: ORNL work for others

DOE Contract Number:: AC05-00OR22725

OSTI ID:: 943544

Country of Publication:: United States

Language:: English

Similar Records

Methodology for Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

Conference · Wed Dec 31 23:00:00 EST 2008 · OSTI ID:946487

Synopsis of Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission Value

Conference · Sun Nov 30 23:00:00 EST 2008 · OSTI ID:946765

Cyberspace Security Econometrics System (CSES) - U.S. Copyright TXu 1-901-039

Book · Tue Dec 31 23:00:00 EST 2013 · OSTI ID:1143596

Related Subjects

97 MATHEMATICS AND COMPUTING
99 GENERAL AND MISCELLANEOUS
COMPUTER NETWORKS
Cyber Security Performance Indicators Stakeholder Mission
NETWORK ANALYSIS
PERFORMANCE
SECURITY
VALIDATION
VERIFICATION

Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

Citation Formats

Similar Records

Related Subjects