Communications of the ACM - E-services: a cornucopia of digital offerings ushers in the next Net-based evolution
Enemy at the gate: threats to information security
Communications of the ACM - Program compaction
Business process-based valuation of IT-security
EDSER '05 Proceedings of the seventh international workshop on Economics-driven software engineering research
Estimating Potential IT Security Losses: An Alternative Quantitative Approach
IEEE Security and Privacy
On the Singularity of Valuating IT Security Investments
ICIS '09 Proceedings of the 2009 Eigth IEEE/ACIS International Conference on Computer and Information Science
The enemy is still at the gates: threats to information security revisited
2010 Information Security Curriculum Development Conference
Principles of Information Security
Principles of Information Security
Why software fails [software failure]
IEEE Spectrum
Hi-index | 0.00 |
Traditional cost-benefit analysis CBA quantifies the value of information security safeguards in terms of their expenses compared to their savings before and after their implementation. This paper considers CBA from the attacker's viewpoint, adding another type of measurement, the willingness to endure consequences. The authors propose a new set of equations and examine their implications vis-í-vis two typical network attacks, identity theft and intellectual property theft.