By Topic

An approach to measure effectiveness of control for risk analysis with game theory

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Lisa Rajbhandari ; Norwegian Inf. Security Lab., Gjovik Univ. Coll., Gjovik, Norway ; Einar Arthur Snekkenes

Security managers are facing problems choosing effective controls (countermeasures), as there is large number of controls at their disposal. Although the existing standards and methods provide guidance, they are not sufficiently comprehensive when it comes to deciding what attributes to look for and how to use them for determining the effectiveness of controls. The purpose of this paper is twofold: first we determine the attributes of controls and its measurement functions, in order to measure its effectiveness by means of Analytic Hierarchy Process (AHP). Secondly, we show how control metrics can be used by the analyst to make deployment decisions by means of Risk Analysis Using Game Theory (RAUGT). The approach is further validated by using a case study between a system owner who wants to determine the effectiveness of using the Password Testing System (PTS) to raise the bar for the attacker.

Published in:

2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)

Date of Conference:

8-8 Sept. 2011