Publication Type
Journal
Journal Name
Information Systems and e-Business Management
Publication Date
Page Numbers
1 to 21
Volume
online
Issue
online
Abstract
In earlier works (Ben-Aissa et al. 2010; Abercrombie et al. 2008; Sheldon et al. 2009), we presented a value based measure of cybersecurity that quantifies the security of a system in concrete terms, specifically, in terms of how much each system stakeholder stands to lose (in dollars per hour of operation) as a result of security threats and system vulnerabilities; our metric varies according to the stakes that each stakeholder has in meeting each security requirement. In this paper, we discuss the specification and design of a system that collects, updates,
and maintains all the information that pertains to estimating our cybersecurity measure, and offers stakeholders quantitative means to make security-related decisions.