System security involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defence strategies, and implementation of real-time defence tactics. Although choices made in each of these areas affect the others, existing decision models typically handle these three decision areas in isolation. There is no comprehensive tool that can integrate them to provide a single efficient model for safeguarding a network. In addition, there is no clear way to determine which particular combinations of defence decisions result in cost-effective solutions. To address these problems, this paper introduces a Layered Decision Model (LDM) for use in deciding how to address defence decisions based on their cost-effectiveness. To validate the LDM and illustrate how it is used, we used simulation to test model rationality and applied the LDM to the design of system security for an e-commercial business case.