Defense trees for economic evaluation of security investments

Cited by: 79
Authors
Bistarelli, Stefano [1 ]
Fioravanti, Fabio [1 ]
Peretti, Pamela [1 ]
Affiliation
[1] Univ G Dannunzio, Dipartimento Sci, Pescara, Italy
Source
FIRST INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS | 2006
DOI
10.1109/ARES.2006.46
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
In this paper we present a mixed qualitative and quantitative approach for the evaluation of Information Technology (IT) security investments. For this purpose, we model security scenarios using defense trees, an extension of attack trees with attack countermeasures, and we use quantitative economic indexes to compute the defender's return on security investment and the attacker's return on attack. We show how our approach can be used to evaluate the effectiveness and economic profitability of countermeasures, as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for better evaluation of IT security investments during the risk management process.
Pages: 416 / +
Page count: 2