Measuring Reliability as a Mean Failure Cost

Rohloff, Kurt; Loyall, Joseph; Pal, Partha; Schantz, Richard

doi:10.1109/hase.2007.42

Cited by 12 publications

(11 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore the probability of the IM matrix decreases in half every period of time (6 periods) as shown in six tables: Tables (6)(7)(8)(9)(10)(11). They show the probabilities evolution of the impact matrix for the web server and the DB server during six periods of time.…”

Section: Defining the Evolution Of The Impact Matrix For 3 Yearsmentioning

confidence: 99%

Maximizing Security Management Performance and Decisions with the MFC Cyber Security Model: e- learning case study

Rjaibi¹,

Rabai²

2017

EAI Endorsed Transactions on e-Learning

View full text Add to dashboard Cite

The Mean failure Cost (MFC) is a cascade of linear models that quantify security threats by taking into consideration the system's stakeholders, security requirements, architectural components and threats. This quantitative cyber security model monetizes system's security in terms of cost which may be lost due to security failure. The lack of quantitative security models in security decision making is a way to discover strengths and uniqueness of the MFC cyber security model. This paper intends to extend this measure into a security risk management model for ultra large systems and to exploit the previously presented MFC model's characteristics in security decision making relying on a rigorous and quantifiable analysis of financial returns. In fact, we intend to provide a possible solution to security problems using the MFC model in order to set the highest security priorities and choose the suitable countermeasures as well as computing the profitability of the proposed security countermeasures through the Return on Investment (ROI) based on the MFC's values for each stakeholder. This will lead to monitoring the effectiveness of the proposed security countermeasures, ensuring the best solution choice by saving both time and money and providing a security decision maker with adequate justification to perform his security choice. The practical investigation is to be conducted thought the context of e-learning platforms.

show abstract

Section: Defining the Evolution Of The Impact Matrix For 3 Yearsmentioning

confidence: 99%

Maximizing Security Management Performance and Decisions with the MFC Cyber Security Model: e- learning case study

Rjaibi¹,

Rabai²

2017

EAI Endorsed Transactions on e-Learning

View full text Add to dashboard Cite

show abstract

“…We assume that, in light of "log" data, known vulnerabilities, and known perpetrator behavior, that we can determine that the prevailing threats have the probabilities indicated in Table 4. Using this data, we now compute the vector of mean failure costs [2,13,14], using the formula…”

Section: Threat Configurationmentioning

confidence: 99%

Quantifying security threats and their potential impacts: a case study

Aissa

Abercrombie

Sheldon

et al. 2010

Innovations Syst Softw Eng

Self Cite

View full text Add to dashboard Cite

show abstract

“…With the quantification infrastructure that has been previously introduced to compute Mean Failure Cost (MFC), we can employ a scheme where the cost of any V&V effort is charged on the stakeholders according to what they stand to lose or gain [1]. Hence if a particular V&V effort is aimed at improving the level of confidence that refines a component (i.e., that implements a service and/or satisfies a requirement), then stakeholders are charged according to the stake they have in satisfying said requirement.…”

Section: Motivationmentioning

confidence: 99%

“…We represent this loss by a random variable, and define MFC as the mean of this random variable [1]. As discussed further, this quantity is not intrinsic to the system, but varies by stakeholder [16].…”

Section: Figure 1 Cyber Security Econometrics System (Cses)mentioning

confidence: 99%

“…The Cyberspace Security Econometrics System (CSES) offers the following advantages over traditional measurement systems: (1) CSES reflects the variances that exist among different stakeholders of the same system. Different stakeholders will typically attach different stakes to the same requirement or service (e.g., a service may be provided by an information technology system or The submitted manuscript has been authored by a contractor of the U.S. Government under contract DE-AC05-00OR22725.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation