TY  - JOUR
JF  - Journal of Cyber Security Technology
A1  - Ani, UPD
A1  - He, HM
A1  - Tiwari, A
UR  - https://doi.org/10.1080/23742917.2018.1554986
SN  - 2374-2925
IS  - 3-4
N1  - This version is the author accepted manuscript. For information on re-use, please refer to the publisher?s terms and conditions.
SP  - 201
VL  - 2
KW  - OSMD framework
KW  -  security metrics
KW  -  Operational Security metrics
KW  -  industry control environments
KW  -  security measurement
N2  - Security metrics are very crucial towards providing insights when measuring security states and susceptibilities in industrial operational environments. Obtaining practical security metrics depend on effective security metrics development approaches. To be effective, a security metrics development framework should be scope-definitive, objective-oriented, reliable, simple, adaptable, and repeatable (SORSAR). A framework for Operational Security Metrics Development (OSMD) for industry control environments is presented, which combines concepts and characteristics from existing approaches. It also adds the new characteristic of adaptability. The OSMD framework is broken down into three phases of: target definition, objective definition, and metrics synthesis. A case study scenario is used to demonstrate an instance of how to implement and apply the proposed framework to demonstrate its usability and workability. Expert elicitation has also be used to consolidate the validity of the proposed framework. Both validation approaches have helped to show that the proposed framework can help create effective and efficient ICS-centric security metrics taxonomy that can be used to evaluate capabilities or vulnerabilities. The understanding from this can help enhance security assurance within industrial operational environments.
ID  - discovery10084101
PB  - Informa UK Limited
TI  - A framework for Operational Security Metrics Development for industrial control environment
AV  - public
Y1  - 2018/12/13/
EP  - 237
ER  -