Ani, U.P.D., He, H. and Tiwari, A. (2018) A framework for Operational Security Metrics Development for industrial control environment. Journal of Cyber Security Technology, 2 (3-4). pp. 201-237. ISSN 2374-2917
Abstract
Security metrics are very crucial towards providing insights when measuring security states and susceptibilities in industrial operational environments. Obtaining practical security metrics depend on effective security metrics development approaches. To be effective, a security metrics development framework should be scope-definitive, objective-oriented, reliable, simple, adaptable, and repeatable (SORSAR). A framework for Operational Security Metrics Development (OSMD) for industry control environments is presented, which combines concepts and characteristics from existing approaches. It also adds the new characteristic of adaptability. The OSMD framework is broken down into three phases of: target definition, objective definition, and metrics synthesis. A case study scenario is used to demonstrate an instance of how to implement and apply the proposed framework to demonstrate its usability and workability. Expert elicitation has also be used to consolidate the validity of the proposed framework. Both validation approaches have helped to show that the proposed framework can help create effective and efficient ICS-centric security metrics taxonomy that can be used to evaluate capabilities or vulnerabilities. The understanding from this can help enhance security assurance within industrial operational environments.
Metadata
Item Type: | Article |
---|---|
Authors/Creators: |
|
Copyright, Publisher and Additional Information: | © 2018 Informa UK Limited, trading as Taylor & Francis Group. This is an author produced version of a paper subsequently published in Journal of Cyber Security Technology. Uploaded in accordance with the publisher's self-archiving policy. |
Keywords: | OSMD framework; security metrics; Operational Security metrics; industry control environments; security measurement |
Dates: |
|
Institution: | The University of Sheffield |
Academic Units: | The University of Sheffield > Faculty of Engineering (Sheffield) > Department of Automatic Control and Systems Engineering (Sheffield) |
Depositing User: | Symplectic Sheffield |
Date Deposited: | 10 Jan 2019 10:33 |
Last Modified: | 13 Dec 2019 01:39 |
Published Version: | https://doi.org/10.1080/23742917.2018.1554986 |
Status: | Published |
Publisher: | Taylor & Francis |
Refereed: | Yes |
Identification Number: | 10.1080/23742917.2018.1554986 |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:140845 |