• DocumentCode
    1826176
  • Title

    Defense trees for economic evaluation of security investments

  • Author

    Bistarelli, Stefano ; Fioravanti, Fabio ; Peretti, Pamela

  • Author_Institution
    Dipt. di Sci., Univ. degli Studi "G. d'Annunzio", Pescara, Italy
  • fYear
    2006
  • fDate
    20-22 April 2006
  • Abstract
    In this paper we present a mixed qualitative and quantitative approach for evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with attack countermeasures and we use economic quantitative indexes for computing the defender's return on security investment and the attacker's return on attack. We show how our approach can be used to evaluate effectiveness and economic profitability of countermeasures as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.
  • Keywords
    economic indicators; investment; profitability; risk management; security of data; trees (mathematics); attack trees; defense trees; economic evaluation; economic profitability; economic quantitative indexes; information technology security investments; risk management process; Concrete; Economic indicators; Information security; Information technology; Investments; Performance evaluation; Profitability; Protection; Risk analysis; Risk management;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on
  • Print_ISBN
    0-7695-2567-9
  • Type

    conf

  • DOI
    10.1109/ARES.2006.46
  • Filename
    1625338