An Open Source Tool to Support the Quantitative Assessment of Cybersecurity

Đã lưu trong:

Chi tiết về thư mục
Xuất bản năm:	International Conference on Cyber Warfare and Security (2017), p. 244-254
Tác giả chính:	Nagaraju, Vidhyashree
Tác giả khác:	Fiondella, Lance, Wandji, Thierry
Được phát hành:	Academic Conferences International Limited
Những chủ đề:	United States > US Computer engineering Software reliability National security Open source software Contractors Reliability analysis Defense programs Information systems Public buildings Cost estimates Cybersecurity Risk reduction Reliability Exploitation Termination Software Economic well being Government agencies Well being Morality Copyright Evaluation Costs Deployment Cost analysis Government contracts Economic wellbeing Military policy Information technology Thresholds Penetration Defense contracts Violations
Truy cập trực tuyến:	Citation/Abstract Full Text Full Text - PDF
Các nhãn:	Thêm thẻ Không có thẻ, Là người đầu tiên thẻ bản ghi này!

MARC


LEADER	00000nab a2200000uu 4500
001	1897683999
003	UK-CbPIL
035			\|a 1897683999
045	2		\|b d20170101 \|b d20171231
084			\|a 142229 \|2 nlm
100	1		\|a Nagaraju, Vidhyashree
245	1		\|a An Open Source Tool to Support the Quantitative Assessment of Cybersecurity
260			\|b Academic Conferences International Limited \|c 2017
513			\|a Conference Proceedings
520	3		\|a Software reliability and cybersecurity are critical to system integrity. Security violations in defense systems are an especially grave threat to national security and the focus of significant resources. Major defense acquisition programs (MDAP) are those that meet or exceed Acquisition Category One (ACAT I), which is determined by a cost estimate in excess of hundreds of millions of dollars. Inadequate cybersecurity has contributed to at least one MDAP declaring a Nunn-McCurdy Breach, which requires (i) Congress be notified when the cost per unit increases more than 25% beyond what was originally estimated and (ii) program termination for cost growth greater than 50%. Achieving cybersecurity cost effectively is therefore critical to the national defense and economic well-being of the United States. This paper presents an open source tool to support the quantitative assessment of software reliability and cybersecurity as well as the underlying mathematical theory and algorithmic details. The tool enables assessment of a system's security from penetration testing data and can be used to estimate the number of vulnerabilities remaining within the software as well as the additional penetration testing required to reduce the rate of vulnerability exploitation to a desired level with a specified level of confidence. This top down approach can be applied to systems such as vehicles as well as information systems, including those that must safeguard defense facilities, their contractors, and other government buildings. This approach will enable organizations that acquire software to establish quantitative requirements that can be included in contracts, providing clear thresholds for software and system developers to achieve. The tool will enable contractors to regularly assess the security of their software with respect to requirements, thereby facilitating the identification and reporting of programs that may fail to achieve contractually specified security objectives. This regular assessment and reporting will enable closer collaboration between government agencies and contractors to ensure that systems achieve a desired level of security to reduce the risk of cost and schedule overruns that would otherwise threaten deployment of secure systems.
651		4	\|a United States--US
653			\|a Computer engineering
653			\|a Software reliability
653			\|a National security
653			\|a Open source software
653			\|a Contractors
653			\|a Reliability analysis
653			\|a Defense programs
653			\|a Information systems
653			\|a Public buildings
653			\|a Cost estimates
653			\|a Cybersecurity
653			\|a Risk reduction
653			\|a Reliability
653			\|a Exploitation
653			\|a Termination
653			\|a Software
653			\|a Economic well being
653			\|a Government agencies
653			\|a Well being
653			\|a Morality
653			\|a Copyright
653			\|a Evaluation
653			\|a Costs
653			\|a Deployment
653			\|a Cost analysis
653			\|a Government contracts
653			\|a Economic wellbeing
653			\|a Military policy
653			\|a Information technology
653			\|a Thresholds
653			\|a Penetration
653			\|a Defense contracts
653			\|a Violations
700	1		\|a Fiondella, Lance
700	1		\|a Wandji, Thierry
773	0		\|t International Conference on Cyber Warfare and Security \|g (2017), p. 244-254
786	0		\|d ProQuest \|t Political Science Database
856	4	1	\|3 Citation/Abstract \|u https://www.proquest.com/docview/1897683999/abstract/embedded/L8HZQI7Z43R0LA5T?source=fedsrch
856	4	0	\|3 Full Text \|u https://www.proquest.com/docview/1897683999/fulltext/embedded/L8HZQI7Z43R0LA5T?source=fedsrch
856	4	0	\|3 Full Text - PDF \|u https://www.proquest.com/docview/1897683999/fulltextPDF/embedded/L8HZQI7Z43R0LA5T?source=fedsrch