In this article, we present a mixed qualitative and quantitative approach for the evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with countermeasures, and we use economic quantitative indexes for computing the defender’s return on security investment and the attacker’s return on attack. We show how our approach can be used to evaluate the economic profitability of countermeasures and their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
Research in information security has generally focused on providing a comprehensive interpretation o...
Quantitative security risk evaluation of information systems is increasingly drawing more and more a...
Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to...
With constantly increasing risks of product piracy the cost-efficiency question of protectio...
Conducting a cost-benefit analyses of security solutions has always been hard, because the benefits ...
Cyber breaches have grown exponentially over the years, both in the number of incidents and in damag...
To cope up the network security measures with the financial restrictions in the corporate world is s...
This paper presents scenarios of information security—defending against directed security threats, r...
Cyber attacks are becoming increasingly complex, practically sophisticated and organized. Losses due...
In modeling system response to security threats, researchers have made extensive use of state space ...
Information security is an extremely important aspect of information systems. A lot of research has ...
We propose a mitigation model that evaluates individual and combined counterme...
Quantitative metrics can aid decision-makers in making informed trade-off decisions. In system-leve...