Electronic Notes in Theoretical Computer Science (ENTCS)
Using CP-nets as a guide for countermeasure selection
Proceedings of the 2007 ACM symposium on Applied computing
Analyzing Security Scenarios Using Defence Trees and Answer Set Programming
Electronic Notes in Theoretical Computer Science (ENTCS)
A Layered Decision Model for cost-effective system security
International Journal of Information and Computer Security
Proceedings of the 46th Annual Southeast Regional Conference on XX
An Approach to Security Policy Configuration Using Semantic Threat Graphs
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Security risk management using internal controls
Proceedings of the first ACM workshop on Information security governance
Quantified security is a weak hypothesis: a critical survey of results and assumptions
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Answer set optimization for and/or composition of CP-nets: a security scenario
CP'07 Proceedings of the 13th international conference on Principles and practice of constraint programming
Strategic games on defense trees
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Cybersecurity for critical infrastructures: attack and defense modeling
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Analyzing the security in the GSM radio network using attack jungles
ISoLA'10 Proceedings of the 4th international conference on Leveraging applications of formal methods, verification, and validation - Volume Part I
Foundations of attack-defense trees
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Technical Communication: Attribution of attack trees
Computers and Electrical Engineering
Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees
Security and Communication Networks
Benchmarking cloud security level agreements using quantitative policy trees
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
ADTool: security analysis with attack-defense trees
QEST'13 Proceedings of the 10th international conference on Quantitative Evaluation of Systems
Comparing attack trees and misuse cases in an industrial setting
Information and Software Technology
In this paper we present a mixed qualitative and quantitative approach for the evaluation of Information Technology (IT) security investments. For this purpose, we model security scenarios using defense trees, an extension of attack trees with attack countermeasures, and we use economic quantitative indexes to compute the defender's return on security investment and the attacker's return on attack. We show how our approach can be used to evaluate the effectiveness and economic profitability of countermeasures as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.