Abstract/Summary

This thesis addresses the individuation of the appropriate scientific tools in order to create a methodology and a set of models for establishing the suitable metrics and pertinent analytical capacity in the cyber dimension for social applications. The current state of the art of cyber security is exemplified by some specific characteristics (IEEE"Orange Book s", 1995). Firstly there is a lack of reference models and appropriate metrics for the security measures of a cyber architecture even including the PSN (Public Services Network). Secondly, the shortage of an accounting policy generates strong limitations for an accurate mapping of cyber security. Thirdly, the lack of a methodology for risk management does not allow going beyond the application of empirical processes and "rules of thumb". Finally, the lacuna in identifying the principles for making judgments of cyber competitive advantage does not create the conditions for ascertaining the accountability of "cyber value". At the moment the previous characteristics are negating any possibility of a build-up policy for monitoring, managing and mapping the cyber risks. The thesis, starting with the four mentioned characteristics, focuses on a description of the cyber phenomenon with the methodology of inquiry based on empirical and measurable evidence subject to specific principles of reasoning (www.diffen.com) That represents a complete novelty in creating a normative theory that would be a body of knowledge for providing "goals, norms and standards". The theory would be associated with particular explanatory models that represent a new scientific approach. For this purpose, the thesis sets up brand-new models called AIMS (Abbo Information Models for Security) where the point of attack is the current management based on the perception of security that is considered a function of the interaction of its components: Asset (A), Protector (P) and Threat (T) in a given Situation (Manunta G., 2000). A further element of novelty is the introduction of another model called the B.I.F. (Business Information Flow) model. The B.l.F. is a holistic unitary entity focusing on a specific aim or unitary mission. The quantity of information is normally encapsulated in business information flows that we can define as the unit of information value. The value may be expressed in accordance with the accounting rule, which means the release of the information balance sheet and the information income statement. The B.l.F. represents the unit of any cyber question of the manageable simple parts related to the Cartesian method. This sense of unity combines the social or organizational component and the related infrastructure of cyber architectures. The work represents a clear distinction from any existing in the literature reviews. From this perspective, the impact of the research results will be a great opportunity, based on scientific rigor, for cyber security communities in allowing them to be able to understand, map, manage and monitor the cyber risk. (Abbo, 2012)