Security attribute evaluation method: a cost-benefit approach
Proceedings of the 24th International Conference on Software Engineering
Risk Analysis and Security Countermeasure Selection
Risk Analysis and Security Countermeasure Selection
Modular analysis and modelling of risk scenarios with dependencies
Journal of Systems and Software
Model-Driven Risk Analysis: The CORAS Approach
Model-Driven Risk Analysis: The CORAS Approach
SP 800-30. Risk Management Guide for Information Technology Systems
SP 800-30. Risk Management Guide for Information Technology Systems
| Hi-index | 0.00 |
Security risk analysis should be conducted regularly to maintain an acceptable level of security. In principle, all risks that are unacceptable according to the predefined criteria should be mitigated. However, risk mitigation comes at a cost, and only the countermeasures that cost-efficiently mitigate risks should be implemented. This paper presents an approach to integrate the countermeasure cost-benefit assessment into the risk analysis and to provide decision makers with the necessary decision support. The approach comes with the necessary modeling support, a calculus for reasoning about the countermeasure cost and effect, as well as means for visualization of the results to aid decision makers.