Supercomputing and Computation
Cyber Security Econometrics Systems (CSES)June 13, 2013
- To make effective cybersecurity decisions, stakeholders need to assess security countermeasures, architecture, and operations. ORNL researchers invented an improved security metric to support analysis of how well a system meets its security objectives. The technology provides courses of action that have the highest risk reduction return on investment, reducing the most risk for the lowest cost.
- Currently, there are few practical metrics for cybersecurity. Conventional systems focus on mean time to failure measures, which do not distinguish between stakeholders, specific components, or degrees of assurance. Our approach uses the concept of Mean Failure Cost.
- The primary measure of this patent pending invention is mean failure cost, a calculation that is consistent with value-based engineering and decision making. The ORNL patents pending recognize differences among stakeholders and acknowledges that not all stakeholders have an equivalent stake in all security failures. The patents pending also reflects the specific weight stakeholders assign to different requirements and the various levels of certification performed on different components.