Abstract:
In order for organizations to make cyber security risk decisions, a clear basis is needed to guide investments. That basis is founded on models and metrics for cyber security. Research is required to provide a foundation of data and to define metrics that express the costs, benefits, and impacts of security controls from economic, organizational, technical, and risk perspectives. Creating metrics on these various parameters results in security decisions and choices that can be better understood. Modeling infrastructure and predicting consequences of risk management choices is also necessary.
Author:
Institute for Information Infrastructure Protection (I3P)
Institution:
Institute for Information Infrastructure Protection (I3P)