IDEAS home Printed from https://ideas.repec.org/a/wly/syseng/v16y2013i3p313-328.html
   My bibliography  Save this article

A macro method for measuring economic‐benefit returns on cybersecurity investments: The table top approach

Author

Listed:
  • Paul R. Garvey
  • Richard A. Moynihan
  • Les Servi

Abstract

Critical considerations in engineering today's systems are securing the collection, access, and dissemination of the information they contain. Advanced computing technologies, ubiquitous environments, and sophisticated networks enable globally distributed access to data and information repositories to an uncountable community of consumers. Engineering security into these systems is more challenging and sophisticated than ever before. Along with this, assuring the integrity of highly networked systems requires economic decisions in rapidly changing technology and threat environments. Recognizing that countermeasures effective against cyber intrusions today can be ineffective tomorrow, the systems engineering community needs a rapid and agile way to identify the efficacies of competing countermeasure investment decisions. This paper presents a macroanalytic method for measuring economic‐benefit returns on investments in cybersecurity. The method is called the Table Top Approach. The table top approach is designed to place light demands on the granularity of inputs to evaluate the impacts of cyber intrusion events and the benefits of countermeasure investments. The table top approach derives which investments in a set of competing choices offer the greatest cost‐benefit gains in cyber defense, and why. It finds sets of Pareto efficient cost‐benefit investments, and their economic returns, that capture tangible and intangible advantages of countermeasures that strengthen cybersecurity. ©2012 Wiley Periodicals, Inc. Syst Eng 16

Suggested Citation

  • Paul R. Garvey & Richard A. Moynihan & Les Servi, 2013. "A macro method for measuring economic‐benefit returns on cybersecurity investments: The table top approach," Systems Engineering, John Wiley & Sons, vol. 16(3), pages 313-328, September.
    • Handle: RePEc:wly:syseng:v:16:y:2013:i:3:p:313-328
    DOI: 10.1002/sys.21236
    as

    Download full text from publisher

    File URL: https://doi.org/10.1002/sys.21236
    Download Restriction: no
    File URL: https://libkey.io/10.1002/sys.21236?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Yacov Y. Haimes, 2006. "On the Definition of Vulnerabilities in Measuring Risks to Infrastructures," Risk Analysis, John Wiley & Sons, vol. 26(2), pages 293-296, April.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Bier, Vicki & Gutfraind, Alexander, 2019. "Risk analysis beyond vulnerability and resilience – characterizing the defensibility of critical systems," European Journal of Operational Research, Elsevier, vol. 276(2), pages 626-636.
    2. Yi‐Ping Fang & Giovanni Sansavini & Enrico Zio, 2019. "An Optimization‐Based Framework for the Identification of Vulnerabilities in Electric Power Grids Exposed to Natural Hazards," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 1949-1969, September.
    3. Yacov Y. Haimes, 2011. "Responses to Terje Aven's Paper: On Some Recent Definitions and Analysis Frameworks for Risk, Vulnerability, and Resilience," Risk Analysis, John Wiley & Sons, vol. 31(5), pages 689-692, May.
    4. R. Piccinelli & G. Sansavini & R. Lucchetti & E. Zio, 2017. "A General Framework for the Assessment of Power System Vulnerability to Malicious Attacks," Risk Analysis, John Wiley & Sons, vol. 37(11), pages 2182-2190, November.
    5. H Jönsson & J Johansson & H Johansson, 2008. "Identifying critical components in technical infrastructure networks," Journal of Risk and Reliability, , vol. 222(2), pages 235-243, June.
    6. Corinne Curt & Jean‐Marc Tacnet, 2018. "Resilience of Critical Infrastructures: Review and Analysis of Current Approaches," Risk Analysis, John Wiley & Sons, vol. 38(11), pages 2441-2458, November.
    7. Crowther, Kenneth G., 2010. "Risk-informed assessment of regional preparedness: A case study of emergency potable water for hurricane response in Southeast Virginia," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(2), pages 83-98.
    8. Yacov Y Haimes, 2012. "Strategic Preparedness for Recovery from Catastrophic Risks to Communities and Infrastructure Systems of Systems," Risk Analysis, John Wiley & Sons, vol. 32(11), pages 1834-1845, November.
    9. Chatterjee, Samrat & Thekdi, Shital, 2020. "An iterative learning and inference approach to managing dynamic cyber vulnerabilities of complex systems," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    10. Rocchetta, Roberto, 2022. "Enhancing the resilience of critical infrastructures: Statistical analysis of power grid spectral clustering and post-contingency vulnerability metrics," Renewable and Sustainable Energy Reviews, Elsevier, vol. 159(C).
    11. Marroni, Giulia & Casini, Leonardo & Bartolucci, Andrea & Kuipers, Sanneke & Casson Moreno, Valeria & Landucci, Gabriele, 2024. "Development of fragility models for process equipment affected by physical security attacks," Reliability Engineering and System Safety, Elsevier, vol. 243(C).
    12. Jingyu Liu & Walter W. Piegorsch & A. Grant Schissler & Susan L. Cutter, 2018. "Autologistic models for benchmark risk or vulnerability assessment of urban terrorism outcomes," Journal of the Royal Statistical Society Series A, Royal Statistical Society, vol. 181(3), pages 803-823, June.
    13. Xuewei Ji & Wenguo Weng & Weicheng Fan, 2008. "Cellular Automata‐Based Systematic Risk Analysis Approach for Emergency Response," Risk Analysis, John Wiley & Sons, vol. 28(5), pages 1247-1260, October.
    14. Yutong Xue & Pengcheng Xiang & Fuyuan Jia & Zhaowen Liu, 2020. "Risk Assessment of High-Speed Rail Projects: A Risk Coupling Model Based on System Dynamics," IJERPH, MDPI, vol. 17(15), pages 1-27, July.
    15. Yacov Y. Haimes & Kenneth Crowther & Barry M. Horowitz, 2008. "Homeland security preparedness: Balancing protection with resilience in emergent systems," Systems Engineering, John Wiley & Sons, vol. 11(4), pages 287-308, December.
    16. Centobelli, Piera & Cerchione, Roberto & Maglietta, Amedeo & Oropallo, Eugenio, 2023. "Sailing through a digital and resilient shipbuilding supply chain: An empirical investigation," Journal of Business Research, Elsevier, vol. 158(C).
    17. Chun-Hsien Lai & Pi-Ching Liao & Szu-Hung Chen & Yung-Chieh Wang & Chingwen Cheng & Chen-Fa Wu, 2021. "Risk Perception and Adaptation of Climate Change: An Assessment of Community Resilience in Rural Taiwan," Sustainability, MDPI, vol. 13(7), pages 1-15, March.
    18. Beyza, Jesus & Gil, Pablo & Masera, Marcelo & Yusta, Jose M., 2020. "Security assessment of cross-border electricity interconnections," Reliability Engineering and System Safety, Elsevier, vol. 201(C).
    19. Michael Greenberg & Karen Lowrie, 2009. "Toxicity Testing in the 21st Century," Risk Analysis, John Wiley & Sons, vol. 29(4), pages 471-473, April.
    20. Afraz, Muhammad Fawad & Bhatti, Sabeen Hussain & Ferraris, Alberto & Couturier, Jerome, 2021. "The impact of supply chain innovation on competitive advantage in the construction industry: Evidence from a moderated multi-mediation model," Technological Forecasting and Social Change, Elsevier, vol. 162(C).

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:wly:syseng:v:16:y:2013:i:3:p:313-328. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Wiley Content Delivery (email available below). General contact details of provider: https://doi.org/10.1002/(ISSN)1520-6858 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.