{"id":"https://openalex.org/W1991587659","doi":"https://doi.org/10.1145/2746266.2746284","title":"Risk and Vulnerability Assessment Using Cybernomic Computational Models","display_name":"Risk and Vulnerability Assessment Using Cybernomic Computational Models","publication_year":2015,"publication_date":"2015-04-07","ids":{"openalex":"https://openalex.org/W1991587659","doi":"https://doi.org/10.1145/2746266.2746284","mag":"1991587659"},"language":"en","primary_location":{"id":"doi:10.1145/2746266.2746284","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2746266.2746284","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th Annual Cyber and Information Security Research Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5004374284","display_name":"Robert K. Abercrombie","orcid":"https://orcid.org/0000-0003-0949-4070"},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Robert K. Abercrombie","raw_affiliation_strings":["Oak Ridge National Laboratory, P.O. Box 2008, Oak Ridge, TN 37831-6085 USA, 1+ 865-241-6537"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, P.O. Box 2008, Oak Ridge, TN 37831-6085 USA, 1+ 865-241-6537","institution_ids":["https://openalex.org/I1289243028"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019549865","display_name":"Frederick T. Sheldon","orcid":"https://orcid.org/0000-0003-1241-2750"},"institutions":[{"id":"https://openalex.org/I94658018","display_name":"University of Memphis","ror":"https://ror.org/01cq23130","country_code":"US","type":"education","lineage":["https://openalex.org/I94658018"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Frederick T. Sheldon","raw_affiliation_strings":["University of Memphis, 100 Technology Drive, Memphis, TN 37152 USA, 1+ 901-678-1643"],"affiliations":[{"raw_affiliation_string":"University of Memphis, 100 Technology Drive, Memphis, TN 37152 USA, 1+ 901-678-1643","institution_ids":["https://openalex.org/I94658018"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044044848","display_name":"Bob G Schlicher","orcid":null},"institutions":[{"id":"https://openalex.org/I1289243028","display_name":"Oak Ridge National Laboratory","ror":"https://ror.org/01qz5mb56","country_code":"US","type":"facility","lineage":["https://openalex.org/I1289243028","https://openalex.org/I1330989302","https://openalex.org/I39565521","https://openalex.org/I4210159294"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bob G. Schlicher","raw_affiliation_strings":["Oak Ridge National Laboratory, P.O. Box 2008, Oak Ridge, TN 37831-6085 USA, 1+ 865-574-4988"],"affiliations":[{"raw_affiliation_string":"Oak Ridge National Laboratory, P.O. Box 2008, Oak Ridge, TN 37831-6085 USA, 1+ 865-574-4988","institution_ids":["https://openalex.org/I1289243028"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5004374284"],"corresponding_institution_ids":["https://openalex.org/I1289243028"],"apc_list":null,"apc_paid":null,"fwci":0.7946,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.8058038,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"4"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11807","display_name":"Infrastructure Resilience and Vulnerability Analysis","score":0.9858999848365784,"subfield":{"id":"https://openalex.org/subfields/2205","display_name":"Civil and Structural Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.6663311719894409},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6536165475845337},{"id":"https://openalex.org/keywords/damages","display_name":"Damages","score":0.6500734090805054},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5654831528663635},{"id":"https://openalex.org/keywords/compromise","display_name":"Compromise","score":0.5577766299247742},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5524430274963379},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5520728230476379},{"id":"https://openalex.org/keywords/return-on-investment","display_name":"Return on investment","score":0.5365958213806152},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.5347292423248291},{"id":"https://openalex.org/keywords/cost\u2013benefit-analysis","display_name":"Cost\u2013benefit analysis","score":0.48291346430778503},{"id":"https://openalex.org/keywords/stakeholder","display_name":"Stakeholder","score":0.47772499918937683},{"id":"https://openalex.org/keywords/ranking","display_name":"Ranking (information retrieval)","score":0.4741239547729492},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.44116485118865967},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.43953943252563477},{"id":"https://openalex.org/keywords/investment","display_name":"Investment (military)","score":0.41596537828445435},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.41352778673171997},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3389819860458374},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.1613312065601349},{"id":"https://openalex.org/keywords/economics","display_name":"Economics","score":0.1611585021018982}],"concepts":[{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.6663311719894409},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6536165475845337},{"id":"https://openalex.org/C2777381055","wikidata":"https://www.wikidata.org/wiki/Q308922","display_name":"Damages","level":2,"score":0.6500734090805054},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5654831528663635},{"id":"https://openalex.org/C46355384","wikidata":"https://www.wikidata.org/wiki/Q726686","display_name":"Compromise","level":2,"score":0.5577766299247742},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5524430274963379},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5520728230476379},{"id":"https://openalex.org/C169549615","wikidata":"https://www.wikidata.org/wiki/Q939134","display_name":"Return on investment","level":3,"score":0.5365958213806152},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.5347292423248291},{"id":"https://openalex.org/C127454912","wikidata":"https://www.wikidata.org/wiki/Q942582","display_name":"Cost\u2013benefit analysis","level":2,"score":0.48291346430778503},{"id":"https://openalex.org/C201305675","wikidata":"https://www.wikidata.org/wiki/Q852998","display_name":"Stakeholder","level":2,"score":0.47772499918937683},{"id":"https://openalex.org/C189430467","wikidata":"https://www.wikidata.org/wiki/Q7293293","display_name":"Ranking (information retrieval)","level":2,"score":0.4741239547729492},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.44116485118865967},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.43953943252563477},{"id":"https://openalex.org/C27548731","wikidata":"https://www.wikidata.org/wiki/Q88272","display_name":"Investment (military)","level":3,"score":0.41596537828445435},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.41352778673171997},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3389819860458374},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.1613312065601349},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.1611585021018982},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C2778348673","wikidata":"https://www.wikidata.org/wiki/Q739302","display_name":"Production (economics)","level":2,"score":0.0},{"id":"https://openalex.org/C139719470","wikidata":"https://www.wikidata.org/wiki/Q39680","display_name":"Macroeconomics","level":1,"score":0.0},{"id":"https://openalex.org/C94625758","wikidata":"https://www.wikidata.org/wiki/Q7163","display_name":"Politics","level":2,"score":0.0},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2746266.2746284","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2746266.2746284","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 10th Annual Cyber and Information Security Research Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1032975186","https://openalex.org/W1544161425","https://openalex.org/W1579307264","https://openalex.org/W1964439345","https://openalex.org/W1968909445","https://openalex.org/W1990488508","https://openalex.org/W2004755516","https://openalex.org/W2023122196","https://openalex.org/W2045814518","https://openalex.org/W2065687680","https://openalex.org/W2084507001","https://openalex.org/W2092214024","https://openalex.org/W2110030812","https://openalex.org/W2111471824","https://openalex.org/W2116792759","https://openalex.org/W2139767578","https://openalex.org/W2150704630","https://openalex.org/W2160150359","https://openalex.org/W2295299152","https://openalex.org/W2640631472","https://openalex.org/W2790622811","https://openalex.org/W3000771592","https://openalex.org/W3151447477","https://openalex.org/W6772453558"],"related_works":["https://openalex.org/W4286387041","https://openalex.org/W1575467574","https://openalex.org/W2061604654","https://openalex.org/W2031775782","https://openalex.org/W4322505491","https://openalex.org/W2339858639","https://openalex.org/W2009364678","https://openalex.org/W2730863691","https://openalex.org/W4312557916","https://openalex.org/W1970105892"],"abstract_inverted_index":{"In":[0],"cybersecurity,":[1],"there":[2],"are":[3],"many":[4],"influencing":[5],"economic":[6],"factors":[7],"to":[8,145,148],"weigh.":[9],"This":[10,184],"paper":[11],"considers":[12,142],"the":[13,29,39,103,109,137,143,146,153,158,177],"defender-practitioner":[14],"stakeholder":[15],"points-of-view":[16],"that":[17,75,160],"involve":[18],"cost":[19,30,42,178],"combined":[20],"with":[21,47],"development":[22],"and":[23,34,43,99,165,171,182,195],"deployment":[24],"considerations.":[25],"Some":[26],"examples":[27],"include":[28],"of":[31,132,139],"countermeasures,":[32],"training":[33],"maintenance":[35],"as":[36,38],"well":[37],"lost":[40],"opportunity":[41],"actual":[44],"damages":[45],"associated":[46],"a":[48,161],"compromise.":[49],"The":[50,113],"return":[51],"on":[52,92,102],"investment":[53],"(ROI)":[54],"from":[55,58,64],"countermeasures":[56],"comes":[57],"saved":[59],"impact":[60,95,185],"costs":[61],"(i.e.,":[62],"losses":[63],"violating":[65],"availability,":[66],"integrity,":[67],"confidentiality":[68],"or":[69],"privacy":[70],"requirements).":[71],"A":[72],"measured":[73],"approach":[74,115],"informs":[76],"cybersecurity":[77,193],"practice":[78],"is":[79],"pursued":[80],"toward":[81],"maximizing":[82],"ROI.":[83],"To":[84,126],"this":[85,128],"end":[86],"for":[87,191],"example,":[88],"ranking":[89,192],"threats":[90,194],"based":[91],"their":[93],"potential":[94,111],"focuses":[96],"security":[97,133],"mitigation":[98],"control":[100],"investments":[101],"highest":[104],"value":[105],"assets,":[106],"which":[107],"represent":[108],"greatest":[110],"losses.":[112],"traditional":[114],"uses":[116],"risk":[117,122,150],"exposure":[118],"(calculated":[119],"by":[120,124],"multiplying":[121],"probability":[123],"impact).":[125],"address":[127],"issue":[129],"in":[130],"terms":[131],"economics,":[134],"we":[135,156],"introduce":[136],"notion":[138],"Cybernomics.":[140],"Cybernomics":[141],"cost/benefits":[144],"attacker/defender":[147],"estimate":[149],"exposure.":[151],"As":[152],"first":[154],"step,":[155],"discuss":[157],"likelihood":[159],"threat":[162],"will":[163,175],"emerge":[164],"whether":[166],"it":[167],"can":[168,187],"be":[169,176],"thwarted":[170],"if":[172],"not":[173],"what":[174],"(losses":[179],"both":[180],"tangible":[181],"intangible).":[183],"assessment":[186],"provide":[188],"key":[189],"information":[190],"managing":[196],"risk.":[197]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}