Return on security investment against cyber attacks on availability

Authors:
Byoung Joon Min;Seung Hwan Yoo;Jong Ho Ryu;Dong Il Seo
Affiliations:
Dept. of Computer Science and Engineering, University of Incheon, Incheon, Republic of Korea;Dept. of Computer Science and Engineering, University of Incheon, Incheon, Republic of Korea;Electronics and Telecommunications Research Institute, Daejeon, Republic of Korea;Electronics and Telecommunications Research Institute, Daejeon, Republic of Korea
Venue:
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part II
Year:
2006

Citing 3
Cited 0

Security attribute evaluation method: a cost-benefit approach

Proceedings of the 24th International Conference on Software Engineering
A model for evaluating IT security investments

Communications of the ACM - Has the Internet become indispensable?
Security Meter: A Practical Decision-Tree Model to Quantify Risk

IEEE Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

As it is getting more important to support stabilized secure services, many organizations increase the security investment to protect their assets and clients from cyber attacks. The purpose of this paper is to suggest a guideline for security managers to select a set of the security countermeasures that mitigates damages from availability attacks in a cost-effective manner. We present a sys-tematic approach to the risk analysis against availability attacks and demonstrate countermeasure benefit estimations. The risk analysis consists of three procedures: Service Value Analysis, Threat Analysis, and Countermeasure Analysis. As the outcome of the procedures, our approach produces quantitative benefit analysis for each countermeasure against availability attacks. We have applied a simulation tool developed to implement the approach to VoIP(Voice over Internet Protocol) services and the result is also presented.