Abstract
In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.
Additional information
The submitted manuscript has been authored by a contractor of the U.S. Government under contract DE-AC05-00OR22725. Accordingly, the U.S. Government retains a nonexclusive, royalty-free license to publish or reproduce the published form of this contribution, or allow others to do so, for U.S. Government purposes.
Disclaimer: The views expressed in this paper are those of the authors and do not reflect the official policy or position of the United States Department of Energy, or the U.S. Government, or the University of Tunis El Manar, or the College of Computing Sciences, New Jersey Institute of Technology.
About this article
Cite this article
Aissa, A.B., Abercrombie, R.K., Sheldon, F.T. et al. Defining and computing a value based cyber-security measure. Inf Syst E-Bus Manage 10, 433–453 (2012). https://doi.org/10.1007/s10257-011-0177-1
DOI: https://doi.org/10.1007/s10257-011-0177-1