Evaluation of complex security scenarios using defense trees and economic indexes. Bistarelli, S., Fabio, F., Pamela, P., & Francesco, S. JOURNAL OF EXPERIMENTAL & THEORETICAL ARTIFICIAL INTELLIGENCE, 24:161–192, 2012. doi abstract bibtex In this article, we present a mixed qualitative and quantitative approach for evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with countermeasures and we use economic quantitative indexes for computing the defender's return on security investment and the attacker's return on attack. We show how our approach can be used to evaluate economic profitability of countermeasures and their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.
@article{
11391_176498,
author = {Bistarelli, S. and Fabio, Fioravanti and Pamela, Peretti and Francesco, Santini},
title = {Evaluation of complex security scenarios using defense trees and economic indexes},
year = {2012},
journal = {JOURNAL OF EXPERIMENTAL & THEORETICAL ARTIFICIAL INTELLIGENCE},
volume = {24},
abstract = {In this article, we present a mixed qualitative and quantitative approach for evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with countermeasures and we use economic quantitative indexes for computing the defender's return on security investment and the attacker's return on attack. We show how our approach can be used to evaluate economic profitability of countermeasures and their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.},
keywords = {security scenarios, defense tree, economic indexes, ROI; ROA},
doi = {10.1080/13623079.2011.587206},
pages = {161--192}
}
Downloads: 0
{"_id":"TnQY4rg6S4SAZsrTS","bibbaseid":"bistarelli-fabio-pamela-francesco-evaluationofcomplexsecurityscenariosusingdefensetreesandeconomicindexes-2012","author_short":["Bistarelli, S.","Fabio, F.","Pamela, P.","Francesco, S."],"bibdata":{"bibtype":"article","type":"article","author":[{"propositions":[],"lastnames":["Bistarelli"],"firstnames":["S."],"suffixes":[]},{"propositions":[],"lastnames":["Fabio"],"firstnames":["Fioravanti"],"suffixes":[]},{"propositions":[],"lastnames":["Pamela"],"firstnames":["Peretti"],"suffixes":[]},{"propositions":[],"lastnames":["Francesco"],"firstnames":["Santini"],"suffixes":[]}],"title":"Evaluation of complex security scenarios using defense trees and economic indexes","year":"2012","journal":"JOURNAL OF EXPERIMENTAL & THEORETICAL ARTIFICIAL INTELLIGENCE","volume":"24","abstract":"In this article, we present a mixed qualitative and quantitative approach for evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with countermeasures and we use economic quantitative indexes for computing the defender's return on security investment and the attacker's return on attack. We show how our approach can be used to evaluate economic profitability of countermeasures and their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.","keywords":"security scenarios, defense tree, economic indexes, ROI; ROA","doi":"10.1080/13623079.2011.587206","pages":"161–192","bibtex":"@article{\n\t11391_176498,\n\tauthor = {Bistarelli, S. and Fabio, Fioravanti and Pamela, Peretti and Francesco, Santini},\n\ttitle = {Evaluation of complex security scenarios using defense trees and economic indexes},\n\tyear = {2012},\n\tjournal = {JOURNAL OF EXPERIMENTAL & THEORETICAL ARTIFICIAL INTELLIGENCE},\n\tvolume = {24},\n\tabstract = {In this article, we present a mixed qualitative and quantitative approach for evaluation of information technology (IT) security investments. For this purpose, we model security scenarios by using defense trees, an extension of attack trees with countermeasures and we use economic quantitative indexes for computing the defender's return on security investment and the attacker's return on attack. We show how our approach can be used to evaluate economic profitability of countermeasures and their deterrent effect on attackers, thus providing decision makers with a useful tool for performing better evaluation of IT security investments during the risk management process.},\n\tkeywords = {security scenarios, defense tree, economic indexes, ROI; ROA},\n\tdoi = {10.1080/13623079.2011.587206},\t\n\tpages = {161--192}\n}\n","author_short":["Bistarelli, S.","Fabio, F.","Pamela, P.","Francesco, S."],"key":"11391_176498","id":"11391_176498","bibbaseid":"bistarelli-fabio-pamela-francesco-evaluationofcomplexsecurityscenariosusingdefensetreesandeconomicindexes-2012","role":"author","urls":{},"keyword":["security scenarios","defense tree","economic indexes","ROI; ROA"],"metadata":{"authorlinks":{}},"downloads":0,"html":""},"bibtype":"article","biburl":"http://www.dmi.unipg.it/~bista/papers/pubblicazioni.bib","dataSources":["GhB5rb8JzW6az3exo"],"keywords":["security scenarios","defense tree","economic indexes","roi; roa"],"search_terms":["evaluation","complex","security","scenarios","using","defense","trees","economic","indexes","bistarelli","fabio","pamela","francesco"],"title":"Evaluation of complex security scenarios using defense trees and economic indexes","year":2012}