Cyber Resiliency Metrics, Measures of Effectiveness, and Scoring: Enabling Systems Engineers and Program Managers to Select the Most Useful Assessment Methods
Abstract
This report is intended to serve as a general reference for systems engineers, program management staff, and others concerned with assessing or scoring cyber resiliency for systems and missions; selecting cyber resiliency metrics to support cyber resiliency assessment; and defining, evaluating, and using cyber resiliency measures of effectiveness (MOEs) for alternative cyber resiliency solutions. Background material is provided on how cyber resiliency scores, metrics, and MOEs can be characterized and derived; based on that material, a wide range of potential cyber resiliency metrics are identified. Topics to address when specifying a cyber resiliency metric are identified so that evaluation can be repeatable and reproducible, and so that the metric can be properly interpreted. A tailorable, extensible cyber resiliency scoring methodology is defined. A notional example is provided of how scoring, metrics, and MOEs can be used by systems engineers and program management to identify potential areas of cyber resiliency improvement and to evaluate the potential benefits of alternative solutions.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2018
- Accession Number
- AD1108019
Entities
People
- Deborah J. Bodeau
- John Woodill
- Richard D. Graubart
- Rosalie M. Mcquaid
Organizations
- MITRE Corporation