Defense trees for economic evaluation of security investments

14 years 5 months ago

Download www.sci.unich.it

In this paper we present a mixed qualitative and quantitative approach for evaluation of Information Technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with attack countermeasures and we use economic quantitative indexes for computing the defender’s return on security investment and the attacker’s return on attack. We show how our approach can be used to evaluate effectiveness and economic proﬁtability of countermeasures as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.

Stefano Bistarelli, Fabio Fioravanti, Pamela Peret

Real-time Traffic

Attack Countermeasures | Economic Quantitative Indexes | IEEEARES 2006 | Security Investments | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	11 Jun 2010
Updated	11 Jun 2010
Type	Conference
Year	2006
Where	IEEEARES
Authors	Stefano Bistarelli, Fabio Fioravanti, Pamela Peretti

Comments (0)

Sciweavers

Defense trees for economic evaluation of security investments

Attack Countermeasures | Economic Quantitative Indexes | IEEEARES 2006 | Security Investments | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers