A framework for cost-sensitive automated selection of intrusion response
In recent years, cost-sensitive intrusion response has gained significant interest due to its emphasis on the balance between potential damage incurred by the intrusion and cost of the response. However, one of the challenges in applying this approach is defining a consistent and adaptable measurement framework to evaluate the expected benefit of a response. In this thesis we present a model and framework for the cost-sensitive assessment and selection of intrusion response. Specifically, we introduce a set of measurements that characterize the potential costs associated with the intrusion handling process, and propose an intrusion response evaluation method with respect to the risk of potential intrusion damage, the effectiveness of the response action and the response cost for a system. The proposed framework has the important quality of abstracting the system security policy from the response selection mechanism, permitting policy adjustments to be made without changes to the model. We provide an implementation of the proposed solution as an IDS-independent plugin tool, and demonstrate its advantages over traditional static response systems and an existing dynamic response system.
An Overview of Economic Approaches to Information Security Management
The increasing concerns of clients, particularly in online commerce, plus the impact of legislation on information security have compelled companies to put more resources into information security. As a result, senior managers in many organizations are now expressing a much greater interest in information security. However, the largest body of research related to preventing breaches is technical, focusing on such issues as encryption and access control. In contrast, research related to the economic aspects of information security is small but rapidly growing. The goal of this technical note is twofold: i) to provide the reader with a structured overview of the economic approaches to information security and ii) to identify potential research directions.
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
Towards automated incident handling: how to select an appropriate response against a network-based attack?
The increasing number of network-based attacks has evolved into one of the top concerns responsible for network infrastructure and service outages. In order to counteract these threats, computer networks are monitored to detect malicious traffic and initiate suitable reactions. However, initiating a suitable reaction is a process of selecting an appropriate response related to the identified network-based attack. The process of selecting a response requires taking into account the economics of a reaction, e.g., risks and benefits. The literature describes several response selection models, but they are not widely adopted. In addition, these models and their evaluation are often not reproducible due to closed testing data. In this paper, we introduce a new response selection model, called REASSESS, that allows mitigating network-based attacks by incorporating an intuitive response selection process that evaluates negative and positive impacts associated with each countermeasure. We compare REASSESS with the response selection models of IE-IRS, ADEPTS, CS-IRS, and TVA and show that REASSESS is able to select the most appropriate response to an attack in consideration of the positive and negative impacts and thus reduces the effects caused by a network-based attack. Further, we show that REASSESS is aligned with the NIST incident life cycle. We expect REASSESS to help organizations to select the most appropriate response measure against a detected network-based attack, and hence contribute to mitigating them.