skip to main content

Title: Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems

There are many influencing economic factors to weigh from the defender-practitioner stakeholder point-of-view that involve cost combined with development/deployment models. Some examples include the cost of countermeasures themselves, the cost of training and the cost of maintenance. Meanwhile, we must better anticipate the total cost from a compromise. The return on investment in countermeasures is essentially impact costs (i.e., the costs from violating availability, integrity and confidentiality / privacy requirements). The natural question arises about choosing the main risks that must be mitigated/controlled and monitored in deciding where to focus security investments. To answer this question, we have investigated the cost/benefits to the attacker/defender to better estimate risk exposure. In doing so, it s important to develop a sound basis for estimating the factors that derive risk exposure, such as likelihood that a threat will emerge and whether it will be thwarted. This impact assessment framework can provide key information for ranking cybersecurity threats and managing risk.
 [1] ;  [2] ;  [1]
  1. ORNL
  2. University of Memphis
Publication Date:
OSTI Identifier:
DOE Contract Number:
Resource Type:
Resource Relation:
Conference: 10th Annual Cyber and Information Security Research (CISR) Conference, Oak Ridge, TN, USA, 20150407, 20150409
Research Org:
Oak Ridge National Laboratory (ORNL)
Sponsoring Org:
ORNL work for others
Country of Publication:
United States
Availability; Integrity; Security Measures/Metrics; Dependability; Security Requirements; Threats; Vulnerabilities; Algorithms; Management; Measurement; Performance; Design; Economics; Experimentation; Security; Theory; Verification