Cyber Security Quantification Model

  • M. Asif Khan
  • M. Hussain


Security of information systems is a major concern today because existing threats are taking on new dimensions. Information Security (IS) protects our important information assets from accidental or deliberate damage. Cyber Security (CS) is the whole set of procedures and systems that protect computer systems and networks from intentional and unintentional damage or dangers in cyberspace through services such as confidentiality, integrity, authentication, availability, nonrepudiation, auditing, and digital signature. To counter the increasing threat of cyber terrorism, we need predictive calculation of the occurrence of cyber attacks. We can do this by giving mathematical models for the elements of CS systems. Researchers have suggested some models for the quantification of CS; however, the existing models either enforce only qualitative measures or, where they quantify, lack modeling features and have not been validated with realistic data. There is a requirement for a unified model for the quantification of CS that considers the majority of its parameters and services and that is validated with realistic data. We propose a quantification model of cyber security that considers most of the CS parameters. It is a generalized model, customizable enough to be used in a multitude of implementation environments. The proposed model is simulated and validated with an example of real-life data for the SZABIST Islamabad Campus email server.