Title :
Methodology for Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission
Author :
Sheldon, Frederick T. ; Abercrombie, Robert K. ; Mili, Ali
Abstract :
Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation. This paper proposes a Cyberspace Security Econometrics System (CSES that provides a measure (i.e., a quantitative indication) of reliability, performance and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders´ interests in that requirement. For a given stakeholder, CSES reflects the variance that may exist among the stakes she/he attaches to meeting each requirement. This paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural and mathematical underpinnings.
Keywords :
business data processing; econometrics; formal specification; groupware; risk management; security of data; business risk management; collaborative work style; cyberspace security econometrics system; economic uncertainty; enterprise risk management; information security control evaluation; key performance indicator; mathematical underpinning; network protection; stakeholder mission; structural underpinning; Certification; Computer security; Control systems; Econometrics; Government; Information security; Information technology; Laboratories; Protection; Risk management;
Conference_Titel :
System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
Conference_Location :
Big Island, HI
Print_ISBN :
978-0-7695-3450-3
DOI :
10.1109/HICSS.2009.308
