Loading [a11y]/accessibility-menu.js
Improving security decision under uncertainty: A multidisciplinary approach | IEEE Conference Publication | IEEE Xplore

Improving security decision under uncertainty: A multidisciplinary approach


Abstract:

Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle...Show More

Abstract:

Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.
Date of Conference: 08-09 June 2015
Date Added to IEEE Xplore: 27 July 2015
Electronic ISBN:978-0-9932-3380-7
Conference Location: London, UK

I. Introduction

Security decision-making often involves choosing amongst different alternatives to tackle a security problem. This is a complex activity encountered in the production and maintenance of any system comprising valuable assets. It appears at different stages of a system's life cycle, from early requirements analysis to system design, through implementation and maintenance. In all of these stages there may be different alternatives available, each with pros and cons from a security perspective. Although it has been accepted that we could never have a completely secure system [1], the security of a system can generally be improved, with quality improvement resulting from better decisions.

Contact IEEE to Subscribe

References

References is not available for this document.