Quantitative Evaluation of Risk for Investment Efficient Strategies in Cybersecurity: The QuERIES Methodology

نویسندگان

  • LAWRENCE CARIN
  • GEORGE CYBENKO
چکیده

Organizations in both the private and public sectors have been struggling to determine the appropriate investments to make for protecting their critical intellectual property. As a result, cybersecurity investment strategies at the macro level (overall strategic investment in systemor enterprise-wide protection) and the micro level (how to allocate the tactical security elements across components of a system or enterprise) have typically been implemented without guidance from a rigorous, quantitative risk assessment and mitigation methodology. Simple questions such as "Are we investing enough?", "What security will have the most impact?" and "How much better is our security now?" are currently difficult to answer [Sanders et al. 2006]. Quantitative Evaluation of Risk for Investment Efficient Strategies (QuERIES) is a novel computational approach to quantitative cybersecurity risk assessment that was designed to answer such questions. It is based on rigorous and quantitative techniques drawn from computer science, game theory, control theory and economics. Preliminary experiments have corroborated the QuERIES methodology, suggest-

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A New Efficient Metaheuristic Model for Stock Portfolio Management and its Performance Evaluation by Risk-adjusted Methods

In this research, we proposed a new metaheuristic technique for stock portfolio multi-objective optimization employing the combination of Strength Pareto Evolutionary Algorithm (SPEA), Adaptive Neuro-Fuzzy Inference System (ANFIS) and Arbitrage Pricing Theory (APT). To generate the more precise model, ANFIS has implemented to envisage long-term movement values of the Tehran Stock Exchange (TSE)...

متن کامل

Security Events and Vulnerability Data for Cybersecurity Risk Estimation.

Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastruc...

متن کامل

System Dynamics Aproach For Quantitative Risk Allocaion

Allocation of construction risks between clients and their contractors has a significant impact on the total construction costs. This paper presents a system dynamics (SD)-based approach for quantitative risk allocation. Using the proposed SD based approach, all the factors affecting the risk allocation process are modeled. The contractor’s defensive strategies against the one-sided risk alloca...

متن کامل

ارزیابی عملکرد کتابخانه‌های عمومی استان‌ها توسط تکنیک تحلیل پوششی داده‌ها

Purpose: Making use of the quantitative method of data envelopment analysis (DEA), this research tries to calculate the efficiency and ranking of public libraries in Iranian provinces in 2008. Methodology: This research is an applied study and was conducted as survey. Data collection was performed from internet. The time interval of the used data was the year 2008 and data were classified with...

متن کامل

Evaluating quantitative stock selection strategies in Tehran Stock Exchange

There are different strategies for selecting stocks, and different investors use different strategies according to their risk tolerance or their expected rate of return. In this study, the profitability of a broad range of stock se-lection strategies in Tehran Stock Exchange over the period 1370-1383, has been examined, and it has been investigated whether the successful strategies in other cou...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007