Defense trees for economic evaluation of security investments

Stefano Bistarelli∗, Fabio Fioravanti, Pamela Peretti
Dipartimento di Scienze, Università degli Studi "G. d'Annunzio", Pescara, Italy
E-mail: {bista,fioravanti,peretti}@sci.unich.it

Abstract

In this paper we present a mixed qualitative and quantitative approach for evaluation of Information Technology (IT) security investments.

For this purpose, we model security scenarios by using defense trees, an extension of attack trees with attack countermeasures and we use economic quantitative indexes for computing the defender's return on security investment and the attacker's return on attack.

We show how our approach can be used to evaluate effectiveness and economic profitability of countermeasures as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.

1 Introduction

Security has become today a fundamental part of the enterprise investment. In fact, more and more cases are reported showing the importance of assuring an adequate level of protection to the enterprise's a […] process, and often security managers have to decide among too many alternatives. Usually, two possible approaches for the security risk management process can be followed: the qualitative and the quantitative ones. The qualitative approach is based on relative evaluation of risks, whilst the quantitative approach tries to give precise and objective measures of risk.

In this paper we define a methodology to mix the benefit of the two approaches. The qualitative approach will be used to depict security scenarios (via a modified version of attack trees [18, 1, 19, 16]), and quantitative indexes [10, 11] will be used to measure risk.

More in detail, we define defense trees by extending attack trees with countermeasures. We label each node representing a specified vulnerability with a set of countermeasures which mitigate the damage of threats using such a vulnerability. Then, economic indexes are used as labels for the countermeasures.

The Return on Investment (ROI) [21, 20] index gives a measure of the efficacy of a specific security investment in a countermeasure w.r.t. a specific attack. The Return on Attack (ROA) [4] is instead an index that is aimed at measur-