Methodology for Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission
- ORNL
- New Jersey Insitute of Technology
Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation. This paper proposes a Cyberspace Security Econometrics System (CSES) that provides a measure (i.e., a quantitative indication) of reliability, performance and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders interests in that requirement. For a given stakeholder, CSES reflects the variance that may exist among the stakes she/he attaches to meeting each requirement. This paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural and mathematical underpinnings.
- Research Organization:
- Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization:
- Work for Others (WFO)
- DOE Contract Number:
- DE-AC05-00OR22725
- OSTI ID:
- 946487
- Resource Relation:
- Conference: 42nd Annual Hawaii International Conference on System Sciences (HICSS-42), Waikoloa, Big Island, HI, USA, 20090105, 20090108
- Country of Publication:
- United States
- Language:
- English
Similar Records
Cyberspace Security Econometrics System (CSES) - U.S. Copyright TXu 1-901-039
Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission