Cost effective management frameworks for intrusion detection systems

  • Authors: Charles Iheagwara; Andrew Blyth; Mukesh Singhal
  • Affiliations: Una Telecom. Inc., 4640 Forbes Boulevard, #200, Lanham, MD; School of Computing, University of Glamorgan, Pontypridd, Wales, CF 37 IDL, UK; Department of Computer Science, The University of Kentucky, 773 Anderson Hall, Lexington, KY
  • Venue: Journal of Computer Security
  • Year: 2004

Abstract

This paper discusses the financial benefit of intrusion detection system (IDS) deployment techniques and addresses the problem of bridging the gap between technical security solutions and the business need for them. This is an area of interest to both the research and the business community; most IDSes balance host and network monitoring, but the decision about how to adjust usage of each technique tends to be made in a rather ad hoc way, or based upon effectiveness of detection only, without regard to the cost of the technique. In practice, selections based on how well a strategy helps a company to perform are preferable, and methodologies supporting a selection process of this type will assist an Information Technology officer in explaining security mechanism selections more effectively to CEOs. In this context, the approach we propose could be applied when choosing one intrusion detection system over another based on which has a better or higher return on investment for the company. Through a case study, we illustrate the benefits of better IDS management that leads to a positive Return on Investment (ROI) for IDS deployment. We conceive strategies and approaches to support effective decision-making about which techniques are appropriate for the cost-effective management of the IDS in a given environment. It is our intent that this research will serve as a foundation for the formal description of cost structures, analysis, and selection of effective implementation approaches to support the management of IDS deployments.