
Return on Security Investment Against Cyber Attacks on Availability

  • Byoung Joon Min
  • Seung Hwan Yoo
  • Jong Ho Ryu
  • Dong Il Seo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3981)

Abstract

As supporting stable, secure services becomes more important, many organizations are increasing their security investment to protect their assets and clients from cyber attacks. The purpose of this paper is to suggest a guideline for security managers to select a set of security countermeasures that mitigates damage from availability attacks in a cost-effective manner. We present a systematic approach to risk analysis against availability attacks and demonstrate countermeasure benefit estimations. The risk analysis consists of three procedures: Service Value Analysis, Threat Analysis, and Countermeasure Analysis. As the outcome of these procedures, our approach produces a quantitative benefit analysis for each countermeasure against availability attacks. We have applied a simulation tool, developed to implement the approach, to VoIP (Voice over Internet Protocol) services, and the result is also presented.

Keywords

Security Model; Damage Impact; Security Manager; Security Investment; Mitigation Factor
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Byoung Joon Min (1)
  • Seung Hwan Yoo (1)
  • Jong Ho Ryu (2)
  • Dong Il Seo (2)

  1. Dept. of Computer Science and Engineering, University of Incheon, Incheon, Republic of Korea
  2. Electronics and Telecommunications Research Institute, Daejeon, Republic of Korea
