
Defining and computing a value based cyber-security measure

  • Original Article
  • Information Systems and e-Business Management

Abstract

In earlier work, we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates, and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.

Author information

Corresponding author

Correspondence to Ali Mili.

Additional information

The submitted manuscript has been authored by a contractor of the U.S. Government under contract DE-AC05-00OR22725. Accordingly, the U.S. Government retains a nonexclusive, royalty-free license to publish or reproduce the published form of this contribution, or allow others to do so, for U.S. Government purposes.

Disclaimer: The views expressed in this paper are those of the authors and do not reflect the official policy or position of the United States Department of Energy, or the U.S. Government, or the University of Tunis El Manar, or the College of Computing Sciences, New Jersey Institute of Technology.

About this article

Cite this article

Aissa, A.B., Abercrombie, R.K., Sheldon, F.T. et al. Defining and computing a value based cyber-security measure. Inf Syst E-Bus Manage 10, 433–453 (2012). https://doi.org/10.1007/s10257-011-0177-1

  • DOI: https://doi.org/10.1007/s10257-011-0177-1
