Abstract
In earlier works we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper we illustrate this infrastructure by means of an e-commerce application.
Cite this article
Aissa, A.B., Abercrombie, R.K., Sheldon, F.T. et al. Quantifying security threats and their potential impacts: a case study. Innovations Syst Softw Eng 6, 269–281 (2010). https://doi.org/10.1007/s11334-010-0123-2
DOI: https://doi.org/10.1007/s11334-010-0123-2