Decision support approaches for cyber security investment

Fielder, Andrew; Panaousis, Emmanouil; Malacaria, Pasquale; Hankin, Chris; Smeraldi, Fabrizio

doi:10.1016/j.dss.2016.02.012

Cited by 205 publications

(155 citation statements)

References 28 publications

Supporting

Mentioning

152

Contrasting

Unclassified

Order By: Relevance

“…In general, by allocating resources to cybersecurity capabilities, managers can not only effectively reduce potential losses due to cyberattacks, but also improve overall performance of their operations [22]. It remains that the diversion of funds away from profit-making processes and assets reduces cash flow [41]; this issue is exacerbated in small and medium-sized enterprises where there is often little or no additional funding available for cybersecurity [42]. Furthermore, unlike investors who can diversify their holdings according to their appetite for risk, managers often have limited tenure in their organizations and have little choice in dealing with the risk that their company faces.…”

Section: Theoretical Backgroundmentioning

confidence: 97%

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

2017

View full text Add to dashboard Cite

Abstract:We developed a simulation game to study how well decision makers understand two fundamental aspects of complexity in cybersecurity: potential delays in building capabilities, and uncertainties in predicting cyber-incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals to an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects. Both groups also exhibited similar errors when dealing with the uncertainty of cyber-incidents. Our findings highlight the importance of training for decision-makers, and lay the groundwork for future research in uncovering mental biases about the complexities of cybersecurity.

show abstract

Section: Theoretical Backgroundmentioning

confidence: 97%

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

2017

View full text Add to dashboard Cite

show abstract

“…It processes through a malware and doesn't require any kind of activity by the client to download [24].…”

Section: Drive-by Downloadsmentioning

confidence: 99%

Cyber-Security and Combatting Cyber-Attacks: A Study

Jones¹

2017

JECSE

View full text Add to dashboard Cite

Cyber-security has turned into a national objective and an administrative need. Expanded cyber-security will help ensure purchasers and organizations, guarantee the accessibility of basic frameworks on which our economy depends, and reinforce national security. In any case, cybersecurity endeavours must be precisely custom fitted, keeping in mind the end goal to protect security, freedom, advancement and the open way of the internet which emphasizes on the need for cybersecurity. To outline a successful and adjusted cyber-security technique, each piece of the nation's basic framework must be considered independently. Arrangements that might be proper for the control framework or budgetary systems may not be reasonable for securing people in general segments of the internet that constitute the very engineering with the expectation of complimentary discourse basic to our government. Arrangements toward government frameworks can be substantially more prescriptive than arrangement towards private frameworks. The attributes that have made the internet occupy a considerable space-its openness, its decentralized and client controlled nature, and its support for advancement and free expression -might pose considerable hazards if awkward approaches are established that apply consistently to all foundations. This study entails the various perspectives of cyber-security and suggestions for better protection against attacks and techniques which are to be followed by the governmental organizations as counter measures when it comes to cyber-security and cyber-attacks.

show abstract

“…[34] presents an interesting and well-formalized approach for situations where too few budget exists to fully implement all mitigation actions to known attack surfaces. [35], [36], and Fiedler [37] consider a defender-attacker interaction as strategic games and present well-formalized definitions and well-defined problems for winning these games based on a cost optimization. Other cost-focused approaches are proposed in [32,36,38,39].…”

Section: Related Workmentioning

confidence: 99%

Selection of Pareto-efficient response plans based on financial and operational assessments

Motzek

González-Granadillo

Debar

et al. 2017

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Finding adequate responses to ongoing attacks on ICT systems is a pertinacious problem and requires assessments from different perpendicular viewpoints. However, current research focuses on reducing the impact of an attack irregardless of side effects caused by responses. In order to achieve a comprehensive yet accurate response to possible and ongoing attacks on a managed ICT system, we propose an approach that evaluates a response from two perpendicular perspectives: (1) A response financial impact assessment, considering the financial benefits of restoring and protecting potentially threatened operational capabilities while considering implementation and maintenance costs of responses. (2) A response operational impact assessment, which assesses potential impacts that efficient mitigation actions may inadvertently cause on the organization in an operational perspective, e.g., negative side effects of deploying mitigations. It is the key benefit of the presented approach to combine all obtained evaluations with a multi-dimensional optimization procedure such that a response plan is selected which reduces a state of risk below an admissible level while minimizing potential negative side effects of deliberately taken actions.

show abstract

Decision support approaches for cyber security investment

Cited by 205 publications

References 28 publications

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Cyber-Security and Combatting Cyber-Attacks: A Study

Selection of Pareto-efficient response plans based on financial and operational assessments

Contact Info

Product

Resources

About