|
| This Article | ||
| ||
| Share | ||
| Bibliographic References | ||
| Add to: | ||
 Digg  Furl  Spurl  Blink  Simpy  Google  Del.icio.us  Y!MyWeb | ||
| Search | ||
| ||
First International Conference on Availability, Reliability and Security (ARES'06)
Defense trees for economic evaluation of security investments
Vienna, Austria
April 20-April 22
ISBN: 0-7695-2567-9
| ASCII Text | x | ||
| Stefano Bistarelli, Fabio Fioravanti, Pamela Peretti, "Defense trees for economic evaluation of security investments," 2012 Seventh International Conference on Availability, Reliability and Security, pp. 416-423, First International Conference on Availability, Reliability and Security (ARES'06), 2006. | |||
| BibTex | x | ||
| @article{ 10.1109/ARES.2006.46, author = {Stefano Bistarelli and Fabio Fioravanti and Pamela Peretti}, title = {Defense trees for economic evaluation of security investments}, journal ={2012 Seventh International Conference on Availability, Reliability and Security}, volume = {0}, year = {2006}, isbn = {0-7695-2567-9}, pages = {416-423}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2006.46}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, } | |||
| RefWorks Procite/RefMan/Endnote | x | ||
| TY - CONF JO - 2012 Seventh International Conference on Availability, Reliability and Security TI - Defense trees for economic evaluation of security investments SN - 0-7695-2567-9 SP416 EP423 A1 - Stefano Bistarelli, A1 - Fabio Fioravanti, A1 - Pamela Peretti, PY - 2006 KW - null VL - 0 JA - 2012 Seventh International Conference on Availability, Reliability and Security ER - | |||
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2006.46
In this paper we present a mixed qualitative and quantitative approach for evaluation of Information Technology (IT) security investments.
For this purpose, we model security scenarios by using defense trees, an extension of attack trees with attack countermeasures and we use economic quantitative indexes for computing the defender?s return on security investment and the attacker?s return on attack.
We show how our approach can be used to evaluate effectiveness and economic profitability of countermeasures as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.
Citation:
Stefano Bistarelli, Fabio Fioravanti, Pamela Peretti, "Defense trees for economic evaluation of security investments," ares, pp.416-423, First International Conference on Availability, Reliability and Security (ARES'06), 2006
Usage of this product signifies your acceptance of the Terms of Use.