Cost Tradeoffs for Information Security Assurance
Authors
Abstract
Information security is important in proportion to an organization’s dependence on information technology. Security of a computer-based information system should protect the Confidentiality, Integrity and Availability (CIA) aspects of the system. With the increasing dependence of business processes on information technology, the number of attacks against CIA aspects has increased manifold. Since achieving perfect security is monetarily and practically infeasible, organizations are using risk management concepts to forgo perfection and instead make tradeoffs in pursuit of security goals. In this paper, we focus on analyzing such tradeoffs in terms of investment costs and opportunity cost (from the perspective of the defender and the attacker respectively).
Similar resources
Civitas: A Secure Voting System
Civitas is the first electronic voting system that is coercion-resistant, universally and voter verifiable, and suitable for remote voting. This paper describes the design and implementation of Civitas. Assurance is established in the design through security proofs, and in the implementation through information-flow security analysis. Experimental results give a quantitative evaluation of the t...
Civitas: A Secure Remote Voting System
Civitas is the first implementation of a coercion-resistant, universally verifiable, remote voting scheme. This paper describes the design of Civitas, details the cryptographic protocols used in its construction, and illustrates how language-enforced information-flow security policies yield assurance in the implementation. The performance of Civitas scales well in the number of voters and offer...
A Detica Report in Partnership with the Office of Cyber Security and Information Assurance in the Cabinet Office
with the Office of Cyber Security and Information Assurance in the Cabinet Office. The Cost of Cyber Crime.
A Framework for Evaluation of Information Systems Security
Evaluating information systems security is a process which involves identifying, gathering, and analysing security functionality and assurance level against criteria. This can result in a measure of trust that indicates how well the system meets a particular security target. It is desirable that the trust one can have in a system is measurable and quantifiable throughout the system's life cycle. ...
A Unified Framework of Information Assurance for the Design and Analysis of Security Algorithms
Most information security algorithms cannot achieve perfect security without incurring severe operational costs such as false alarms, network congestion, capital investment etc. Operating or designing an algorithm with perfect security is therefore not an economically rational alternative and thus the question arises of how to find the appropriate tradeoff between security and its costs. Althou...