Economic Models and Approaches in Information Security for Computer Networks

Authors: Nicolas Sklavos, Panagiotis Souras

DOI: 10.6633/IJNS.200601.2(1).02

Keywords: Computer security, Asset (computer security), Computer network, Computer science, Security service, Security information and event management, Certified Information Security Manager, Information security management, Security convergence, Cloud computing security, Computer security model

Abstract: Security is one of the most important issues in computer networks. A common view of network security is based on technical measures. Cryptographic models, firewalls and intrusion detection models are implemented in every information framework of an organization. Although deployment of such technologies may reduce vulnerabilities and losses from breaches, it is not clear to organizations how much they must invest in security. In this article, approaches of economics are introduced. From the perspective of an organization, investment may be estimated as cost-saving due to reduced breaches. Besides that, any new ventures that are profitable for the organization would without countermeasures need to be considered. Any organization should follow a risk-management strategy according to their needs. Organizations that over-protect their infrastructure will have spent too much. Respectively, those who under-protect will suffer greater losses caused by
