Synopsis of Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission Value

Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with the goal of improved enterprise and business risk management. Economic uncertainty, intensively collaborative work styles, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation of a balanced approach. The cyberspace security econometrics system (CSES) provides a measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. For a given stakeholder, CSES reflects the variance that may exist among the stakes one attaches to meeting each requirement. This paper summarizes the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural underpinnings.
