Taxonomy of cyber security metrics to measure strength of cyber security

Abstract: Cyber security is the guarding of computer systems, data, networks and other resources from unauthorized access and malicious users. There are no direct methods of measuring the strength of cyber security. As they say, “You can’t manage what you can’t measure”. One can easily track the efforts taken for security through cyber security metrics. Being a quantifiable measure, a metric can be used to track the status of a specific process and to assess its outcomes along with its strength. This work aims to provide a taxonomy of cyber security metrics with five basic metrics, along with the tools under the Multi-Criteria Decision-Making approach that can be used to evaluate cyber security strength.
