Making well-founded security investment decisions is hard: several alternatives may need to be considered, the alternatives' space is often diffuse, and many of the decision parameters that are traded off are uncertain or incomplete. We cope with these challenges by proposing a method that supports decision makers in the process of making well-founded and balanced security investment decisions. The method has two fundamental ingredients, staging and learning, that fit into a continuous decision cycle. The method takes advantage of Real Options thinking, not only to select a decision option, but also to compound it with other options in subsequent decision iterations, after reflection on the decision alternatives previously implemented. Additionally, our method is supported by the SecInvest tool for trade-off analysis, which considers decision parameters, including cost, risks, context (such as time-to-market and B2B trust), and expected benefits, when evaluating the various decision alternatives. The output of the tool, a fitness score for each decision alternative, makes it possible to compare the evaluations of the decision makers involved as well as to include learning and consequent adjustments of decision parameters. We demonstrate the method using an example with three decision alternatives.