Security attribute evaluation method: a cost-benefit approach
Proceedings of the 24th International Conference on Software Engineering
A model for evaluating IT security investments
Communications of the ACM - Has the Internet become indispensable?
Security Meter: A Practical Decision-Tree Model to Quantify Risk
IEEE Security and Privacy
Hi-index | 0.00 |
As it is getting more important to support stabilized secure services, many organizations increase the security investment to protect their assets and clients from cyber attacks. The purpose of this paper is to suggest a guideline for security managers to select a set of the security countermeasures that mitigates damages from availability attacks in a cost-effective manner. We present a sys-tematic approach to the risk analysis against availability attacks and demonstrate countermeasure benefit estimations. The risk analysis consists of three procedures: Service Value Analysis, Threat Analysis, and Countermeasure Analysis. As the outcome of the procedures, our approach produces quantitative benefit analysis for each countermeasure against availability attacks. We have applied a simulation tool developed to implement the approach to VoIP(Voice over Internet Protocol) services and the result is also presented.