Predictive Modelling for Security Operations Economics
نویسندگان
چکیده
Information security operations ― necessary to protect the confidentiality, integrity, and availability of an organization’s information systems against attacks ― represent substantial investments in technologies, tools, and human resources. Typically, the relationship between the supplier of an information system and its users is regulated by a Service Level Agreement, and the supplier must determine the appropriate level of investment in operational resources in order to meet its contractual obligations whilst maintaining its economic viability. We contend that investment decisions should be based on analytic models of the behaviour of information systems in the context of the environmental threats they face. We describe a mathematical framework, together with a modelling philosophy, for capturing the structural and dynamical properties of systems and their associated security operations. We describe how a modelling tool (Demos2k) can be used to capture much of our conceptual framework, giving a detailed, experimental example. We show that our models are able to predict the economic consequences of investment decisions for security operations.
منابع مشابه
Predictive Modelling for Security Operations Economics ( Extended
Information security operations necessary to protect the confidentiality, integrity, and availability of an organization’s information systems against attacks represent substantial investments in technologies, tools, and human resources. Typically, the relationship between the supplier of an information system and its users is regulated by a Service Level Agreement, and the supplier must determ...
متن کاملModelling and Experimental Testing of Asymmetric Information Problems in Lease and Hire Contracts (Based on Contract Theory)
This article aims to study lease and hiring contract in the Iranian-Islamic setting and analyze the asymmetric information problem in these contracts. For doing this, we study the characteristics of lease and hiring contracts in Iran (real world experimental characteristics that recognized in other studies), using library method, then we mathematically model different aspects of asymmetric info...
متن کاملCompositional Security Modelling - Structure, Economics, and Behaviour
Security managers face the challenge of formulating and implementing policies that deliver their desired system security postures — for example, their preferred balance of confidentiality, integrity, and availability — within budget (monetary and otherwise). In this paper, we describe a security modelling methodology, grounded in rigorous mathematical systems modelling and economics, that captu...
متن کاملEconomics, Security and Innovation
This paper takes into account an economic perspective of security and innovation. In particular, it discusses aspects of economics that may be relevant in order to assess and deploy security technologies. At the micro level of analysis, as an example, this paper highlights discussions on the economics of security in the cloud. Do we really understand the economics of security in the cloud? Are ...
متن کاملMORF: A Framework for MOOC Predictive Modeling and Replication At Scale
The MOOC Replication Framework (MORF) is a novel software system for feature extraction, model training/testing, and evaluation of predictive dropout models in Massive Open Online Courses (MOOCs). MORF makes large-scale replication of complex machine-learned models tractable and accessible for researchers, and enables public research on privacy-protected data. It does so by focusing on the high...
متن کامل