Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

Sheldon, Frederick T; Abercrombie, Robert K; Mili, Ali

Title: Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

Conference · Tue Jan 01 00:00:00 EST 2008

OSTI ID:943544

Sheldon, Frederick T ^[1]; Abercrombie, Robert K ^[1]; Mili, Ali ^[2]

ORNL
New Jersey Insitute of Technology

Good security metrics are required to make good decisions about how to design security countermeasures, to choose between alternative security architectures, and to improve security during operations. Therefore, in essence, measurement can be viewed as a decision aid. The lack of sound practical security metrics is severely hampering progress in the development of secure systems. The Cyberspace Security Econometrics System (CSES) offers the following advantages over traditional measurement systems: (1) CSES reflects the variances that exist amongst different stakeholders of the same system. Different stakeholders will typically attach different stakes to the same requirement or service (e.g., a service may be provided by an information technology system or process control system, etc.). (2) For a given stakeholder, CSES reflects the variance that may exist among the stakes she/he attaches to meeting each requirement. The same stakeholder may attach different stakes to satisfying different requirements within the overall system specification. (3) For a given compound specification (e.g., combination(s) of commercial off the shelf software and/or hardware), CSES reflects the variance that may exist amongst the levels of verification and validation (i.e., certification) performed on components of the specification. The certification activity may produce higher levels of assurance across different components of the specification than others. Consequently, this paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs and the basic structural and mathematical underpinnings.

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Cite

Export

Save

Research Organization:: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

Sponsoring Organization:: Work for Others (WFO)

DOE Contract Number:: DE-AC05-00OR22725

OSTI ID:: 943544

Resource Relation:: Conference: 4th Annual Cyber Security and Information Intelligence Workshop, Oak Ridge, TN, USA, 20080512, 20080514

Country of Publication:: United States

Language:: English

Similar Records

Methodology for Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

Conference · Thu Jan 01 00:00:00 EST 2009 · OSTI ID:943544

Sheldon, Frederick T; Abercrombie, Robert K; Mili, Ali

Synopsis of Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission Value

Conference · Mon Dec 01 00:00:00 EST 2008 · OSTI ID:943544

Abercrombie, Robert K.; Sheldon, Frederick T.; Mili, Ali

Cyberspace Security Econometrics System (CSES) - U.S. Copyright TXu 1-901-039

Book · Wed Jan 01 00:00:00 EST 2014 · OSTI ID:943544

Abercrombie, Robert K; Schlicher, Bob G; Sheldon, Frederick T; +2 more

Related Subjects

97 MATHEMATICS AND COMPUTING
99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE
COMPUTER NETWORKS
NETWORK ANALYSIS
PERFORMANCE
SECURITY
VALIDATION
VERIFICATION
Cyber Security Performance Indicators Stakeholder Mission

Title: Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

Citation Formats

Similar Records

Related Subjects