A Model for and Inventory of Cybersecurity Values: Metrics and Best Practices

This chapter outlines several methodologies in operations research that are useful for cyber defense, then establishes a value model for cybersecurity metrics and best practices. The framework developed in this chapter can be customized based on organizational values and needs. An inventory of values from a survey of information technology professionals provides context, but each individual organization should use its own data and assessments to populate this model. Students can benefit from this chapter by learning the Value Focused Thinking and multi-objective decision analysis frameworks, as well as cybersecurity values. Practitioners can benefit from understanding an illustration of the model and then applying the approach in their own organizations.