Quantification of information systems security with stochastic calculus

Abstract

Undoubtely, our daily lives have drastically changed over the years, shifting from a traditional to a more electronic way of living and communicating. This is the main reason that cyber-crook \profession" is booming and authorities or agencies have found themselves in a difficult situation while trying to deal with this rapidly spreading plague. As a con- sequence, new words, like cyber-war, cyber-espionage and cyber-crime, have emerged. Within this context, 2011, has been both the year of cyber-security awareness, as countless cyber-attacks found their way to the news headlines and the year with most intrusions ever aimed at companies and government agencies. Thus, a common problem among organizations nowadays is Information System security management in an effective way. In order to do that, organizations need to know at any given point in time how secure their ISs are. This work proposes a novel methodology for the security quantification of ISs using stochastic calculus. Adopting the proposed methodology will enable any organization to quantify the security level of its ISs in an unbiased and accurate way. Copyright 2012 ACM.