Ideal based cyber security technical metrics for control systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5141 LNCS, Issue , 2008, Pages 246-260

  Boyer, Wayne ^a   McQueen, Miles ^a  

^a IDAHO NATIONAL LABORATORY   (United States)

Author keywords

Control System Security; Cyber Security Metrics

Indexed keywords

ABSTRACT DIMENSIONS; CONTROL SYSTEM SECURITY; CRITICAL INFRASTRUCTURE; CYBER SECURITY; ELECTRONIC NETWORKS; MANAGEMENT DECISIONS; OBJECTIVE MEASUREMENT; OPERATIONAL CONTROL; SECURITY METRICS; TECHNICAL OBJECTS; TECHNICAL SECURITY;

MATHEMATICAL MODELS; MATHEMATICAL OPERATORS; PNEUMATIC CONTROL EQUIPMENT;

CONTROL THEORY;

EID: 77953715289     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-89173-4_21     Document Type: Conference Paper

References (17)

1. Bishop, M.: Computer Security Art and Science, pp. 343-349. Addison-Wesley, Reading (2003)
2. Chew, E., Clay, A., Hash, J., Bartol, N., Brown, A.: Guide for Developing Performance Metrics for Information Security. NIST Special Publication 800-80 (May 2006)
3. Chemical Sector Cyber Security Program (CSCSP), Guidance for Addressing Cyber Security in the Chemical Industry, Technical Report, CSCSP (May 2006)
4. Idaho National Laboratory Report to the Department of Homeland Security, INL/EXT-06-12016, Cyber Security Metrics (December 2006)
5. Jacquith, A.: Security Metrics. Addison-Wesley, Reading (2007)
6. McQueen, M.A., Boyer, W.F., Flynn, M.A., Beitel, G.A.: Time-to-compromise Model for Cyber Risk Reduction Estimation. In: First Workshop on Quality of Protection (September 2005)
7. McQueen, M.A., Boyer, W.F., Flynn, M.A., Beitel, G.A.: Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System. In: Proceedings of the 39th Hawaii International Conference on System Sciences, p. 226 (January 2006)
8. Mell, P., Hu, V., Lippmann, R., Haines, J., Zissman, M.: An Overview of Issues in Testing Intrusion Detection Systems. In: Interagency Report (IR) 7007, National Institute of Standards and Technology, Gaithersburg, Maryland (June 2003)
9. Manadhata, P., Wing, J.M.: An Attack Surface Metric, Technical Report CMU-CS-05-155 (July 2005)
10. Neumann, P.G.: Computer Related Risks, p. 244. Addison-Wesley, Reading (1995)
11. Ou, X., Boyer, W., McQueen, M.: A Scalable approach to Attack Graph Generation. In: 13th ACM Conference on Computer and Communications Security, CCS 2006, October 30 - November 3 (2006)
12. Ross, R., Katzke, S., Johnson, A., Swanson, M., Rogers, G.: System Questionnaire with NIST SP 800-53: Recommended Security Controls for Federal Information Systems, Technical Report, NIST, References and Associated Security Control Mappings, Gaithersburg, Maryland (March 2006)
13. Swanson, M., Bartol, N., Sabato, J., Hash, J., Graffo, L.: NIST Special Publication 800-55: Security Metrics Guide for Information Technology Systems, Technical Report, National Institute of Standards and Technology (NIST), Gaithersburg, Maryland (July 2003)
14. Schneier, B.: Secrets & Lies, pp. 367-380. Wiley, Chichester (2000)
15. Schiffman, M.: A Complete Guide to the Common Vulnerability Scoring System (CVSS), Technical Report, Forum for Incident Response and Security Teams (FIRST), June 7 (2005)
16. Swanson, M., Guttman, B.: Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST 800-14 (September 1996)
17. Summers, R.C.: Secure Computing Threats and Safeguards, pp. 251-252. McGraw-Hill, New York (1997)