Research in information security has generally focused on providing a
comprehensive interpretation of threats, vulnerabilities, and attacks, in
particular to evaluate their danger and prioritize responses accordingly. Most
of the current approaches propose advanced techniques to detect intrusions and
complex attacks, but few of them propose well-defined methodologies for
reacting to a given attack. In this paper, we propose a novel and
systematic method to select security countermeasures from a pool of candidates,
by ranking them based on the technical and financial impact associated with each
alternative. The method includes industrial evaluation and simulations of the
impact associated with a given security measure, which allows the
return on response investment to be computed for different candidates. A simple case study is
presented at the end of the paper to show the applicability of the model.

Comment: In Proceedings AIDP 2014, arXiv:1410.322