IDEAS home Printed from https://ideas.repec.org/a/wly/syseng/v16y2013i3p313-328.html
   My bibliography  Save this article

A macro method for measuring economic‐benefit returns on cybersecurity investments: The table top approach

Author

Listed:
  • Paul R. Garvey
  • Richard A. Moynihan
  • Les Servi

Abstract

Critical considerations in engineering today's systems are securing the collection, access, and dissemination of the information they contain. Advanced computing technologies, ubiquitous environments, and sophisticated networks enable globally distributed access to data and information repositories to an uncountable community of consumers. Engineering security into these systems is more challenging and sophisticated than ever before. Along with this, assuring the integrity of highly networked systems requires economic decisions in rapidly changing technology and threat environments. Recognizing that countermeasures effective against cyber intrusions today can be ineffective tomorrow, the systems engineering community needs a rapid and agile way to identify the efficacies of competing countermeasure investment decisions. This paper presents a macroanalytic method for measuring economic‐benefit returns on investments in cybersecurity. The method is called the Table Top Approach. The table top approach is designed to place light demands on the granularity of inputs to evaluate the impacts of cyber intrusion events and the benefits of countermeasure investments. The table top approach derives which investments in a set of competing choices offer the greatest cost‐benefit gains in cyber defense, and why. It finds sets of Pareto efficient cost‐benefit investments, and their economic returns, that capture tangible and intangible advantages of countermeasures that strengthen cybersecurity. ©2012 Wiley Periodicals, Inc. Syst Eng 16

Suggested Citation

  • Paul R. Garvey & Richard A. Moynihan & Les Servi, 2013. "A macro method for measuring economic‐benefit returns on cybersecurity investments: The table top approach," Systems Engineering, John Wiley & Sons, vol. 16(3), pages 313-328, September.
    • Handle: RePEc:wly:syseng:v:16:y:2013:i:3:p:313-328
    DOI: 10.1002/sys.21236
    as

    Download full text from publisher

    File URL: https://doi.org/10.1002/sys.21236
    Download Restriction: no
    File URL: https://libkey.io/10.1002/sys.21236?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Yacov Y. Haimes, 2006. "On the Definition of Vulnerabilities in Measuring Risks to Infrastructures," Risk Analysis, John Wiley & Sons, vol. 26(2), pages 293-296, April.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Yi‐Ping Fang & Giovanni Sansavini & Enrico Zio, 2019. "An Optimization‐Based Framework for the Identification of Vulnerabilities in Electric Power Grids Exposed to Natural Hazards," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 1949-1969, September.
    2. Yacov Y. Haimes, 2011. "Responses to Terje Aven's Paper: On Some Recent Definitions and Analysis Frameworks for Risk, Vulnerability, and Resilience," Risk Analysis, John Wiley & Sons, vol. 31(5), pages 689-692, May.
    3. H Jönsson & J Johansson & H Johansson, 2008. "Identifying critical components in technical infrastructure networks," Journal of Risk and Reliability, , vol. 222(2), pages 235-243, June.
    4. Corinne Curt & Jean‐Marc Tacnet, 2018. "Resilience of Critical Infrastructures: Review and Analysis of Current Approaches," Risk Analysis, John Wiley & Sons, vol. 38(11), pages 2441-2458, November.
    5. Crowther, Kenneth G., 2010. "Risk-informed assessment of regional preparedness: A case study of emergency potable water for hurricane response in Southeast Virginia," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(2), pages 83-98.
    6. Rocchetta, Roberto, 2022. "Enhancing the resilience of critical infrastructures: Statistical analysis of power grid spectral clustering and post-contingency vulnerability metrics," Renewable and Sustainable Energy Reviews, Elsevier, vol. 159(C).
    7. Jingyu Liu & Walter W. Piegorsch & A. Grant Schissler & Susan L. Cutter, 2018. "Autologistic models for benchmark risk or vulnerability assessment of urban terrorism outcomes," Journal of the Royal Statistical Society Series A, Royal Statistical Society, vol. 181(3), pages 803-823, June.
    8. Yacov Y. Haimes & Kenneth Crowther & Barry M. Horowitz, 2008. "Homeland security preparedness: Balancing protection with resilience in emergent systems," Systems Engineering, John Wiley & Sons, vol. 11(4), pages 287-308, December.
    9. Chun-Hsien Lai & Pi-Ching Liao & Szu-Hung Chen & Yung-Chieh Wang & Chingwen Cheng & Chen-Fa Wu, 2021. "Risk Perception and Adaptation of Climate Change: An Assessment of Community Resilience in Rural Taiwan," Sustainability, MDPI, vol. 13(7), pages 1-15, March.
    10. Beyza, Jesus & Gil, Pablo & Masera, Marcelo & Yusta, Jose M., 2020. "Security assessment of cross-border electricity interconnections," Reliability Engineering and System Safety, Elsevier, vol. 201(C).
    11. Michael Greenberg & Karen Lowrie, 2009. "Toxicity Testing in the 21st Century," Risk Analysis, John Wiley & Sons, vol. 29(4), pages 471-473, April.
    12. Ouyang, Min & Liu, Chuang & Wu, Shengyu, 2020. "Worst-case vulnerability assessment and mitigation model of urban utility tunnels," Reliability Engineering and System Safety, Elsevier, vol. 197(C).
    13. Yacov Y. Haimes, 2011. "On the Complex Quantification of Risk: Systems‐Based Perspective on Terrorism," Risk Analysis, John Wiley & Sons, vol. 31(8), pages 1175-1186, August.
    14. Hosseini, Seyedmohsen & Ivanov, Dmitry & Dolgui, Alexandre, 2019. "Review of quantitative methods for supply chain resilience analysis," Transportation Research Part E: Logistics and Transportation Review, Elsevier, vol. 125(C), pages 285-307.
    15. Yacov Y. Haimes, 2009. "On the Complex Definition of Risk: A Systems‐Based Approach," Risk Analysis, John Wiley & Sons, vol. 29(12), pages 1647-1654, December.
    16. Yacov Y. Haimes, 2009. "On the Definition of Resilience in Systems," Risk Analysis, John Wiley & Sons, vol. 29(4), pages 498-501, April.
    17. Bier, Vicki & Gutfraind, Alexander, 2019. "Risk analysis beyond vulnerability and resilience – characterizing the defensibility of critical systems," European Journal of Operational Research, Elsevier, vol. 276(2), pages 626-636.
    18. R. Piccinelli & G. Sansavini & R. Lucchetti & E. Zio, 2017. "A General Framework for the Assessment of Power System Vulnerability to Malicious Attacks," Risk Analysis, John Wiley & Sons, vol. 37(11), pages 2182-2190, November.
    19. Yacov Y Haimes, 2012. "Strategic Preparedness for Recovery from Catastrophic Risks to Communities and Infrastructure Systems of Systems," Risk Analysis, John Wiley & Sons, vol. 32(11), pages 1834-1845, November.
    20. Chatterjee, Samrat & Thekdi, Shital, 2020. "An iterative learning and inference approach to managing dynamic cyber vulnerabilities of complex systems," Reliability Engineering and System Safety, Elsevier, vol. 193(C).

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:wly:syseng:v:16:y:2013:i:3:p:313-328. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Wiley Content Delivery (email available below). General contact details of provider: https://doi.org/10.1002/(ISSN)1520-6858 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.