Cyber Resiliency Metrics, Measures of Effectiveness, and Scoring

September 2018
Topics: Information Security, Cybersecurity
Deborah J. Bodeau, The MITRE Corporation
Richard D. Graubart, The MITRE Corporation
Rosalie McQuaid, The MITRE Corporation
John R. Woodill Jr., The MITRE Corporation
Download PDF (3.99 MB)

This report is intended to serve as a general reference for systems engineers, program management staff,and others concerned with assessing or scoring cyber resiliency for systems and missions; selecting cyber resiliency metrics to support cyber resiliency assessment; and defining, evaluating, and using cyber resiliency measures of effectiveness (MOEs) for alternative cyber resiliency solutions. Background material is provided on how cyber resiliency scores, metrics, and MOEs can be characterized and derived. Based on that material, a wide range of potential cyber resiliency metrics are identified. Topics to address when specifying a cyber resiliency metric are identified so that evaluation can be repeatable and reproducible and the metric can be properly interpreted. A tailorable, extensible cyber resiliency scoring methodology is defined. A notional example is provided of how systems engineers and program management can use scoring, metrics, and MOEs to identify potential areas of cyber resiliency improvement and to evaluate the potential benefits of alternative solutions.


Interested in MITRE's Work?

MITRE provides affordable, effective solutions that help the government meet its most complex challenges.
Explore Job Openings

Publication Search