Considering technical and financial impact in the selection of security countermeasures against Advanced Persistent Threats (APTs)

Authors: Gustavo Gonzalez Granadillo, Joaquin Garcia-Alfaro, Herve Debar, Christophe Ponchel, Laura Rodriguez Martin

DOI: 10.1109/NTMS.2015.7266480

Keywords:

Abstract: This paper presents a model to evaluate and select security countermeasures from a pool of candidates. The model performs industrial evaluation and simulations of the financial and technical impact associated with security countermeasures. The approach uses the Return On Response Investment (RORI) index to compare the expected impact of the attack when no response is enacted against the expected impact after applying security countermeasures. The model also evaluates the protection level against a threat, in terms of confidentiality, integrity, and availability. We provide a use case on malware attacks that shows the applicability of our model in selecting the best countermeasure against an Advanced Persistent Threat.

References (8)
Nizar Kheir, Nora Cuppens-Boulahia, Frédéric Cuppens, Hervé Debar, A service dependency model for cost-sensitive intrusion response. European Symposium on Research in Computer Security, pp. 626-642 (2010), 10.1007/978-3-642-15497-3_38
Christian Locher, Methodologies for Evaluating Information Security Investments - What Basel II Can Change in the Financial Industry. European Conference on Information Systems, pp. 1561-1572 (2005)
Wes Sonnenreich, Jason Albanese, Bruce Stout, Return On Security Investment (ROSI) - A Practical Quantitative Model. Journal of Research and Practice in Information Technology, vol. 38, pp. 45- (2006)
Martin P. Loeb, Lawrence A. Gordon, Return on information security investments: Myths vs. Realities. Strategic Finance, vol. 84, pp. 26-31 (2002)
Mohamed Elhafiz, Hisham Abushama, Quantified Return on Information Security Investment - A Model for Cost-Benefit Analysis. University of Khartoum (2016)