A survey on systems security metrics

M Pendleton, R Garcia-Lebron, JH Cho… - ACM Computing Surveys …, 2016 - dl.acm.org
Security metrics have received significant attention. However, they have not been
systematically explored based on the understanding of attack-defense interactions, which …

Economic security metrics

R Böhme, T Nowey - Dependability metrics: Advanced lectures, 2008 - Springer
This chapter surveys economic approaches for security metrics, among which we could
identify two main areas of research. One has its roots in investment and decision theory and …

Return on security investment (ROSI)-a practical quantitative model

W Sonnenreich, J Albanese… - Journal of Research and …, 2006 - search.informit.org
Organizations need practical security benchmarking tools in order to plan effective security
strategies. This paper explores a number of techniques that can be used to measure security …

Analyzing security costs

RT Mercuri - Communications of the ACM, 2003 - dl.acm.org
Communications of the ACM, June 2003/Vol. 46, No. 6, 15.
Costs related to computer security are often difficult to assess, in part because accurate metrics …

Dynamic optimal countermeasure selection for intrusion response system

A Shameli-Sendi, H Louafi, W He… - IEEE Transactions on …, 2016 - ieeexplore.ieee.org
Designing an efficient defense framework is challenging with respect to a network's
complexity, widespread sophisticated attacks, attackers' ability, and the diversity of security …

Vulnerability and information security investment: An empirical analysis of e-local government in Japan

H Tanaka, K Matsuura, O Sudoh - Journal of Accounting and Public Policy, 2005 - Elsevier
The authors aim to verify the relation between vulnerability and information security
investment. This relation is empirically analyzed using data on e-local governments in …

Taxonomy of intrusion risk assessment and response system

A Shameli-Sendi, M Cheriet, A Hamou-Lhadj - Computers & Security, 2014 - Elsevier
In recent years, we have seen notable changes in the way attackers infiltrate computer
systems compromising their functionality. Research in intrusion detection systems aims to …

The neural network models for IDS based on the asymmetric costs of false negative errors and false positive errors

D Joo, T Hong, I Han - Expert Systems with Applications, 2003 - Elsevier
This paper investigates the asymmetric costs of false positive and negative errors to
enhance the IDS performance. The proposed method utilizes the neural network model to …

A probabilistic relational model for security risk analysis

T Sommestad, M Ekstedt, P Johnson - Computers & security, 2010 - Elsevier
Information system security risk, defined as the product of the monetary losses associated
with security incidents and the probability that they occur, is a suitable decision criterion …

Evaluating information security investments from attackers perspective: the return-on-attack (ROA)

M Cremonini, P Martini - 2005 - air.unimi.it
Conducting a cost-benefit analysis of security solutions has always been hard, because the
benefits are difficult to assess and often only a part of the overall cost is clear. Despite this …