iMeasure Security (iMS): A Framework for Quantitative Assessment of Security Measures and its Impacts

As business systems are getting interconnected, the importance of security is growing at an unprecedented pace. To protect information, strong security measures need to be implemented and continuously updated and monitored to ensure their promise against present and future security breaches. However, the growth of networked systems and the increasing availability of sophisticated hacking tools make the task of securing business systems challenging. To enhance the security strength and to justify any investment in security-related products, it becomes mandatory to assess the security measures in place and estimate the level of security provided by them. The existing standards to certify the strength of a security system are qualitative, lack consideration of the countermeasures and do not consider the impact of security breaches. Consequently, there is a need for an alternative approach to estimate the security strength of a system in a quantitative manner. This paper aims to provide an extensible framework called iMeasure Security (iMS) that quantifies the security strength of an enterprise system by considering the countermeasures deployed in its network, analyzes the business impact of the security breaches, and provides insights as to how the level of security can be improved from current levels.