Software Diversity for Information Security
نویسندگان
چکیده
In this paper we analyze a software diversification-based strategy to achieve information security. The notion of using diversity to limit correlated risks is a widely accepted strategy in many fields. Various risk management approaches strive to minimize the variance of losses faced by individuals by either risk pooling, as in insurance, or diversification, as in portfolio management. However, these approaches are advantageous only for risk-averse agents as the expected loss remains unchanged. Exploiting externalities unique to information systems, we show that diversification can not only reduce loss variance but also minimize expected loss. We formulate the optimal amount of diversity investment by a firm taking into account both the negative network externalities accruing from attacks as well as positive network effects that accrue from uniformity and interoperability.
منابع مشابه
The effect of developing the dynamics of library software system on information security management (Case study: Libraries of Islamic Azad universities of the country)
Background and Objective: Information security is of vital importance in most organizations. This is especially central in academic libraries due to the specific type of visitors, exchange and transfer of information to the users. Thus, the purpose is to investigate the relationship of the development of library software and information security management in the libraries of Islamic Azad Uni...
متن کاملMeasuring Software Diversity, with Applications to Security
In this work, we briefly introduce and discuss some of the diversity measures used in Ecology. After a succinct description and analysis of the most relevant ones, we single out the Shannon-Weiner index. We justify why it is the most informative and relevant one for measuring software diversity. Then, we show how it can be used for effectively assessing the diversity of various real software ec...
متن کاملDiversity-Based Approaches to Software Systems Security
Software systems security represents a major concern as cyberattacks continue to grow in number and sophistication. In addition to the increasing complexity and interconnection of modern information systems, these systems run significant similar software. This is known as IT monoculture. As a consequence, software systems share common vulnerabilities, which enable the spread of malware. The pri...
متن کاملIdentifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کاملFood Security Is Associated with Dietary Diversity: Tehran Lipid and Glucose Study
Background and Objectives: This study was undertaken to determine the relationship between food security and individual dietary diversity score (IDDS). Materials and Methods: This population-based cross-sectional study was conducted on 200 non-diabetic individuals aged ≥40 years, selected randomly from the Tehran Lipid and Glucose Study. Household food security was measured using a validated U...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005