• DocumentCode
    3277289
  • Title

    Improving security decision under uncertainty: A multidisciplinary approach

  • Author

    Dehghanniri, Hashem ; Letier, Emmanuel ; Borrion, Herve

  • Author_Institution
    Dept. of Security & Crime Sci., Univ. Coll. London, London, UK
  • fYear
    2015
  • fDate
    8-9 June 2015
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders´ goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.
  • Keywords
    decision making; risk management; security of data; software engineering; crime science; identity theft; modelling language; quantitative decision analysis; risk assessment; security decision-making; security risk; security threat; software engineering; Companies; Credit cards; Decision making; Risk management; Security; Uncertainty; crime script; decision-making; identity theft; requirements engineering; risk; security; uncertainty;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015 International Conference on
  • Conference_Location
    London
  • Type

    conf

  • DOI
    10.1109/CyberSA.2015.7166134
  • Filename
    7166134