OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Managing Complex IT Security Processes with Value Based Measures

Abstract

Current trends indicate that IT security measures will need to greatly expand to counter the ever more sophisticated, well-funded and/or economically motivated threat space. Traditional risk management approaches provide an effective method for guiding courses of action for assessment and mitigation investments. However, such approaches, no matter how popular, demand very detailed knowledge about the IT security domain and the enterprise/cyber architectural context. Typically, the critical nature and/or high stakes require careful consideration and adaptation of a balanced approach that provides reliable and consistent methods for rating vulnerabilities. As reported in earlier works, the Cyberspace Security Econometrics System provides a comprehensive measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. This paper advocates a dependability measure that acknowledges the aggregate structure of complex system specifications, and accounts for variations by stakeholder, by specification components, and by verification and validation impact.

Authors:
Abercrombie, Robert K [1]; Sheldon, Frederick T [1]; Mili, Ali [2]
  1. ORNL
  2. New Jersey Institute of Technology
Publication Date:
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Center for Computational Sciences
Sponsoring Org.:
Work for Others (WFO)
OSTI Identifier:
962158
DOE Contract Number:  
DE-AC05-00OR22725
Resource Type:
Conference
Resource Relation:
Conference: 2009 IEEE Symposium on Computational Intelligence in Cyber Security (IEEE CICS 2009), Nashville, TN, USA, 20090330, 20090402
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING; 99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; COMPUTER NETWORKS; INFORMATION SYSTEMS; SECURITY; CRYPTOGRAPHY; RELIABILITY; VALIDATION; VERIFICATION; Cyberspace Security Econometrics System; Complex IT security process; Enterprise-cyber econometrics; Financial data processing; Investment; Risk management; Security of data; Methodology; Cyber Security Performance Indicators; Stakeholder Mission

Citation Formats

Abercrombie, Robert K, Sheldon, Frederick T, and Mili, Ali. Managing Complex IT Security Processes with Value Based Measures. United States: N. p., 2009. Web.
Abercrombie, Robert K, Sheldon, Frederick T, & Mili, Ali. Managing Complex IT Security Processes with Value Based Measures. United States.
Abercrombie, Robert K, Sheldon, Frederick T, and Mili, Ali. 2009. "Managing Complex IT Security Processes with Value Based Measures". United States.
@article{osti_962158,
title = {Managing Complex IT Security Processes with Value Based Measures},
author = {Abercrombie, Robert K and Sheldon, Frederick T and Mili, Ali},
abstractNote = {Current trends indicate that IT security measures will need to greatly expand to counter the ever more sophisticated, well-funded and/or economically motivated threat space. Traditional risk management approaches provide an effective method for guiding courses of action for assessment and mitigation investments. However, such approaches, no matter how popular, demand very detailed knowledge about the IT security domain and the enterprise/cyber architectural context. Typically, the critical nature and/or high stakes require careful consideration and adaptation of a balanced approach that provides reliable and consistent methods for rating vulnerabilities. As reported in earlier works, the Cyberspace Security Econometrics System provides a comprehensive measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. This paper advocates a dependability measure that acknowledges the aggregate structure of complex system specifications, and accounts for variations by stakeholder, by specification components, and by verification and validation impact.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2009},
month = {1}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.
