This paper explores the idea that IT security risk assessment can be formalized as an argumentation game in which assessors argue about how the system can be attacked by a threat agent and defended by the assessors. A system architecture plus assumptions about the environment is specified as an ASPIC + argumentation theory, and an argument game is defined for exchanging arguments between assessors and hypothetical threat agents about whether the specification satisfies a given security requirement. Satisfaction is always partial and involves a risk assessment of the assessors. The game is dynamic in that the players can both add elements to and delete elements from the architecture specification. The game is shown to respect the underlying...
Most established security risk assessment methodologies aim to produce ranked lists of risks. But ra...
Security assessments are an integral part of organisations\u27 strategies for protecting their digit...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
When showing that a software system meets certain security requirements, it is often necessary to wo...
The last twenty years have brought numerous enhancements in technologies for Critical Infrastructure...
When showing that a software system meets certain security requirements, it is often necessary to wo...
Identifying threats and risks to complex systems often requires some form of brainstorming. In addit...
Ad-hoc security mechanisms are effective in solving the particular problems they are designed for, h...
Security games are an example of a successful real-world ap- plication of game theory. The paper def...
Abstract Assessing the security risk of projects in high-risk areas is particularly important. This ...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Introduces reliability and risk analysis in the face of threats by intelligent agents. This book cov...
none4Argumentation is modelled as a game where the payoffs are measured in terms of the probability ...
While there are significant advances in information technology and infrastructure which offer new op...
Most established security risk assessment methodologies aim to produce ranked lists of risks. But ra...
Security assessments are an integral part of organisations\u27 strategies for protecting their digit...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
When showing that a software system meets certain security requirements, it is often necessary to wo...
The last twenty years have brought numerous enhancements in technologies for Critical Infrastructure...
When showing that a software system meets certain security requirements, it is often necessary to wo...
Identifying threats and risks to complex systems often requires some form of brainstorming. In addit...
Ad-hoc security mechanisms are effective in solving the particular problems they are designed for, h...
Security games are an example of a successful real-world ap- plication of game theory. The paper def...
Abstract Assessing the security risk of projects in high-risk areas is particularly important. This ...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Introduces reliability and risk analysis in the face of threats by intelligent agents. This book cov...
none4Argumentation is modelled as a game where the payoffs are measured in terms of the probability ...
While there are significant advances in information technology and infrastructure which offer new op...
Most established security risk assessment methodologies aim to produce ranked lists of risks. But ra...
Security assessments are an integral part of organisations\u27 strategies for protecting their digit...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...