14,069 research outputs found
An Overview of Economic Approaches to Information Security Management
The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in information security. However, the largest body of research related to preventing breaches is technical, focusing on such issues as encryption and access control. In contrast, research related to the economic aspects of information security is small but rapidly growing. The goal of this technical note is twofold: i) to provide the reader with an structured overview of the economic approaches to information security and ii) to identify potential research directions
Denial of service attacks and challenges in broadband wireless networks
Broadband wireless networks are providing internet and related services to end users. The three most important broadband wireless technologies are IEEE 802.11, IEEE 802.16, and
Wireless Mesh Network (WMN). Security attacks and
vulnerabilities vary amongst these broadband wireless networks because of differences in topologies, network operations and physical setups. Amongst the various security risks, Denial of Service (DoS) attack is the most severe security threat, as DoS can compromise the availability and integrity of broadband
wireless network. In this paper, we present DoS attack issues in broadband wireless networks, along with possible defenses and future directions
A framework for cost-sensitive automated selection of intrusion response
In recent years, cost-sensitive intrusion response has gained
significant interest due to its emphasis on the balance between
potential damage incurred by the intrusion and cost of the response.
However, one of the challenges in applying this approach is defining a
consistent and adaptable measurement framework to evaluate the expected
benefit of a response. In this thesis we present a model and framework
for the cost-sensitive assessment and selection of intrusion response.
Specifically, we introduce a set of measurements that characterize the
potential costs associated with the intrusion handling process, and
propose an intrusion response evaluation method with respect to the risk
of potential intrusion damage, the effectiveness of the response action
and the response cost for a system. The proposed framework has the
important quality of abstracting the system security policy from the
response selection mechanism, permitting policy adjustments to be made
without changes to the model. We provide an implementation of the
proposed solution as an IDS-independent plugin tool, and demonstrate its
advantages over traditional static response systems and an existing
dynamic response system
- …