Measuring the risk-based value of IT security solutions

Arora, Ashish; Hall, D.E.; Piato, C.A.; Ramsey, Dwayne; Telang, Rahul

doi:10.1109/mitp.2004.89

Cited by 58 publications

(38 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Estimating the actual attack damage is usually a part of the risk assessment process [12]. While apriori measurement of actual damage for an attack is not always possible, approximate values can be estimated.…”

Section: A Evaluation Metricsmentioning

confidence: 99%

A Framework for Cost Sensitive Assessment of Intrusion Response Selection

Strasburg

Stakhanova

Basu

et al. 2009

2009 33rd Annual IEEE International Computer Software and Applications Conference

View full text Add to dashboard Cite

Abstract-In recent years, cost-sensitive intrusion response has gained significant interest, mainly due to its emphasis on the balance between potential damage incurred by the intrusion and cost of the response. However, one of the challenges in applying this approach is defining a consistent and adaptable measurement of these cost factors on the basis of system requirements and policy. In this paper, we present a host-based framework for the cost-sensitive assessment and selection of intrusion response. Specifically, we introduce a set of measurements that characterize the potential costs associated with the intrusion handling process, and propose an intrusion response evaluation method with respect to the risk of potential intrusion damage, the effectiveness of the response action and the response cost for a system. We provide an implementation of the proposed solution as an IDS-independent plugin tool and demonstrate its advantages on the several attack examples.

show abstract

Section: A Evaluation Metricsmentioning

confidence: 99%

A Framework for Cost Sensitive Assessment of Intrusion Response Selection

Strasburg

Stakhanova

Basu

et al. 2009

2009 33rd Annual IEEE International Computer Software and Applications Conference

View full text Add to dashboard Cite

show abstract

“…While the approaches mentioned above consider response within the framework of intrusion handling, there is an alternative view of intrusion countermeasures assessment based on the return-on-investment (ROI) [4]. ROI is one of the commonly used metrics to estimate the efficiency of organization's security solution investments.…”

Section: Related Workmentioning

confidence: 99%

“…Generally estimating the actual damage of an attack incident is a part of the risk-based assessment of organization's security solutions [4]. While accurate measurement of damages for specific attacks is not always possible, the organization can still establish the average damage estimates.…”

Section: Assessment Of Intrusion Costmentioning

confidence: 99%

“…In contrast to the majority of existing approaches which offer intrusion specific response selection [25], our framework provides a generalized assessment mechanism that allows one to analyze response measures for any attack in the context of the security policies of the given system. 4. Practical implementability: the work provides a step-by-step assessment process that allows system administrators with a broad range of skill levels to deploy this approach.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards cost-sensitive assessment of intrusion response selection

Stakhanova

Strasburg

Basu

et al. 2012

JCS

View full text Add to dashboard Cite

In recent years, cost-sensitive intrusion response has gained significant interest mainly due to its emphasis on the balance between potential damage incurred by the intrusion and cost of the response. However, one of the challenges in applying this approach is defining consistent and adaptable measurements of these cost factors on the basis of requirements and policy of the system being protected against intrusions.In this paper we present a framework for the cost-sensitive selection of intrusion response. Specifically, we introduce a set of measurements that characterize potential costs associated with the intrusion handling process and propose evaluation method of intrusion response with respect to the risk of potential intrusion damage, effectiveness of response action and response cost for a system. We provide an implementation of the proposed solution as a plugin tool for Snort IDS and demonstrate its advantages on DARPA data set and real network traffic.

show abstract

“…Often risk is expressed by measuring Annual Loss Expectancy (ALE), which is calculated by summing up the impact of outcomes in monetary units and frequency of such outcomes [6]. Further, this metric was incorporated into cost-benefit analyses to calculate Return-on-Investment (ROI) [7], [8]. Recently, risk was expressed as the product of threat occurrences and their resultant losses in US dollars, per event [9].…”

Section: Introductionmentioning

confidence: 99%

A multi-objective genetic algorithm for minimising network security risk and cost

Viduto

Maple

Huang

et al. 2012

2012 International Conference on High Performance Computing &Amp; Simulation (HPCS)

View full text Add to dashboard Cite

Abstract-Security countermeasures help ensure information security: confidentiality, integrity and availability(CIA), by mitigating possible risks associated with the security event. Due to the fact, that it is often difficult to measure such an impact quantitatively, it is also difficult to deploy appropriate security countermeasures. In this paper, we demonstrate a model of quantitative risk analysis, where an optimisation routine is developed to help a human decision maker to determine the preferred trade-off between investment cost and resulting risk. An offline optimisation routine deploys a genetic algorithm to search for the best countermeasure combination, while multiple risk factors are considered. We conduct an experimentation with real world data, taken from the PTA(Practical Threat Analysis) case study to show that our method is capable of delivering solutions for real world problem data sets. The results show that the multi-objective genetic algorithm (MOGA) approach provides high quality solutions, resulting in better knowledge for decision making.

show abstract

Measuring the risk-based value of IT security solutions

Cited by 58 publications

References 1 publication

A Framework for Cost Sensitive Assessment of Intrusion Response Selection

A Framework for Cost Sensitive Assessment of Intrusion Response Selection

Towards cost-sensitive assessment of intrusion response selection

A multi-objective genetic algorithm for minimising network security risk and cost

Contact Info

Product

Resources

About