A Layered Decision Model for cost-effective system security

Authors:
Huaqiang Wei;Jim Alves-Foss;Terrence Soule;Hugh Pforsich;Du Zhang;Deborah Frincke
Affiliations:
Department of Computer Science, University of Idaho, Moscow, ID 83844-1010, USA.;Department of Computer Science, University of Idaho, Moscow, ID 83844-1010, USA.;Department of Computer Science, University of Idaho, Moscow, ID 83844-1010, USA.;Department of Accountancy, California State University, Sacramento, 6000 J Street, Sacramento, CA 95819, USA.;Department of Computer Science, California State University, Sacramento, 6000 J Street Sacramento, CA 95819, USA.;National Security Directorate, Pacific Northwest National Laboratory, Richland, WA, 99352, USA
Venue:
International Journal of Information and Computer Security
Year:
2008

Citing 18
Cited 0

Information systems security: a practitioner's reference

Information systems security: a practitioner's reference
A comparative framework for risk analysis methods

Computers and Security
Validation, verification, and testing techniques throughout the life cycle of a simulation study

WSC '94 Proceedings of the 26th conference on Winter simulation
Information Warfare: How to Survive Cyber Attacks

Information Warfare: How to Survive Cyber Attacks
The economics of information security investment

ACM Transactions on Information and System Security (TISSEC)
Security attribute evaluation method: a cost-benefit approach

Proceedings of the 24th International Conference on Software Engineering
Toward cost-sensitive modeling for intrusion detection and response

Journal of Computer Security
Information Security Management Handbook

Information Security Management Handbook
A model for evaluating IT security investments

Communications of the ACM - Has the Internet become indispensable?
Verification validation: model verification and validation

Proceedings of the 34th conference on Winter simulation: exploring new frontiers
Verification and validation: verification and validation of simulation models

Proceedings of the 35th conference on Winter simulation: driving innovation
Evaluating information security investments using the analytic hierarchy process

Communications of the ACM - Medical image modeling
The Value of Intrusion Detection Systems in Information Technology Security Architecture

Information Systems Research
Cost effective management frameworks for intrusion detection systems

Journal of Computer Security
Computer and network security risk management: theory, challenges, and countermeasures: Research Articles

International Journal of Communication Systems
Defense trees for economic evaluation of security investments

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Business Case for Network Security: Advocacy, Governance, and ROI, The (Network Business)

Business Case for Network Security: Advocacy, Governance, and ROI, The (Network Business)
Medical data security: Are you informed or afraid?

International Journal of Information and Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

System security involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defence strategies, and implementation of real-time defence tactics. Although choices made in each of these areas affect the others, existing decision models typically handle these three decision areas in isolation. There is no comprehensive tool that can integrate them to provide a single efficient model for safeguarding a network. In addition, there is no clear way to determine which particular combinations of defence decisions result in cost-effective solutions. To address these problems, this paper introduces a Layered Decision Model (LDM) for use in deciding how to address defence decisions based on their cost-effectiveness. To validate the LDM and illustrate how it is used, we used simulation to test model rationality and applied the LDM to the design of system security for an e-commercial business case.