Quantitative Evaluation of Risk for Investment Efficient Strategies in Cybersecurity: The QuERIES Methodology
Authors
Abstract
Organizations in both the private and public sectors have been struggling to determine the appropriate investments to make for protecting their critical intellectual property. As a result, cybersecurity investment strategies at the macro level (overall strategic investment in system- or enterprise-wide protection) and the micro level (how to allocate the tactical security elements across components of a system or enterprise) have typically been implemented without guidance from a rigorous, quantitative risk assessment and mitigation methodology. Simple questions such as "Are we investing enough?", "What security will have the most impact?" and "How much better is our security now?" are currently difficult to answer [Sanders et al. 2006]. Quantitative Evaluation of Risk for Investment Efficient Strategies (QuERIES) is a novel computational approach to quantitative cybersecurity risk assessment that was designed to answer such questions. It is based on rigorous and quantitative techniques drawn from computer science, game theory, control theory and economics. Preliminary experiments have corroborated the QuERIES methodology, suggest-
Similar resources
A New Efficient Metaheuristic Model for Stock Portfolio Management and its Performance Evaluation by Risk-adjusted Methods
In this research, we proposed a new metaheuristic technique for stock portfolio multi-objective optimization employing the combination of Strength Pareto Evolutionary Algorithm (SPEA), Adaptive Neuro-Fuzzy Inference System (ANFIS) and Arbitrage Pricing Theory (APT). To generate a more precise model, ANFIS has been implemented to envisage long-term movement values of the Tehran Stock Exchange (TSE)...
Security Events and Vulnerability Data for Cybersecurity Risk Estimation.
Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage the large amount of data available from the IT infrastruc...
System Dynamics Approach For Quantitative Risk Allocation
Allocation of construction risks between clients and their contractors has a significant impact on the total construction costs. This paper presents a system dynamics (SD)-based approach for quantitative risk allocation. Using the proposed SD based approach, all the factors affecting the risk allocation process are modeled. The contractor’s defensive strategies against the one-sided risk alloca...
Performance Evaluation of Provincial Public Libraries Using the Data Envelopment Analysis Technique
Purpose: Making use of the quantitative method of data envelopment analysis (DEA), this research tries to calculate the efficiency and ranking of public libraries in Iranian provinces in 2008. Methodology: This research is an applied study and was conducted as a survey. Data collection was performed from the internet. The time interval of the used data was the year 2008 and data were classified with...
Evaluating quantitative stock selection strategies in Tehran Stock Exchange
There are different strategies for selecting stocks, and different investors use different strategies according to their risk tolerance or their expected rate of return. In this study, the profitability of a broad range of stock selection strategies in Tehran Stock Exchange over the period 1370-1383 has been examined, and it has been investigated whether the successful strategies in other cou...