• Corpus ID: 14117843

Cost Tradeoffs for Information Security Assurance

Authors: Ritesh Kumar Tiwari and K. Karlapalem
Published in: Workshop on the Economics of Information Security
Information security is important in proportion to an organization’s dependence on information technology. Security of a computer-based information system should protect the Confidentiality, Integrity and Availability (CIA) aspects of the system. With the increasing dependence of business processes on information technology, the number of attacks against CIA aspects has increased manifold. Since achieving perfect security is monetarily and practically infeasible, organizations are using risk…

Developing a Framework for Evaluating Organizational Information Assurance Metrics Programs

This research finds that both the DOD and USAF have highly complex information security programs that are primarily focused on determining the return for security investments, meeting budget constraints, and achieving mission objectives while NASA's Jet Propulsion Lab seeks to improve security processes related to compliance.

A Game-Theoretic Framework for Network Security Vulnerability Assessment and Mitigation

In this paper we propose and discuss a game-theoretic framework for (a) evaluating security vulnerability, (b) quantifying the corresponding Pareto optimal vulnerability/cost tradeoff, and (c)

Economics and Optimal Investment Policies of Attackers and Defenders in Cybersecurity

This model is a simplified adaptation of a model proposed during the Cold War for weapons deployment in the US and obtains a succinct set of three decision types that categorize all of the Defender’s optimal investment decisions.


A shopper program is designed and implemented using VB.NET to follow up the movement of goods in the store and the shopping place and applying the Arabic letter coding adds more credit to the program usability and availability.

Geschäftszielorientiertes Management von Informationssicherheit (Business-Goal-Oriented Management of Information Security)

For enterprises of any size, information has become a decisive competitive factor that they protect intensively; it must therefore be economically sensible.

The Economics of Malware

In many cases, an economic perspective on cybersecurity – and malware in particular – provides us with more powerful analysis and a fruitful starting point for new governmental policies: incentive



Information security is information risk management

It is argued that the approach to information security from the ground up must be reconsidered if it is to deal effectively with the problem of information risk, and a new model inspired by the history of medicine is proposed.

Why information security is hard - an economic perspective

  • Ross J. Anderson
  • Computer Science
    Seventeenth Annual Computer Security Applications Conference
  • 2001
The author puts forward a contrary view: information insecurity is at least as much due to perverse incentives as it is due to technical measures.

The economics of information security investment

An economic model is presented that determines the optimal amount to invest to protect a given set of information and takes into account the vulnerability of the information to a security breach and the potential loss should such a breach occur.

Security risk analysis and evaluation

  • F. Harmantzis, M. Malek
  • Computer Science, Business
    2004 IEEE International Conference on Communications (IEEE Cat. No.04CH37577)
  • 2004
A risk management framework from a bottom-up perspective, i.e. modeling the different types of attacks (or risk types) that an organization could experience, is proposed and a quantitative model is presented to measure the economic impact of security risk.

Algebraic specification of network security risk management

An algebraic specification of network security risk management activities is provided, which constitutes a helpful means to reason about automating the risk assessment process without taking into consideration implementation issues.

Computer security strength and risk: a quantitative approach

This dissertation shows how security strength can be measured using market means, how these strength measures can be applied to create models that forecast the security risk facing a system, and how the power of markets can be unleashed to increase security strength throughout the software development process.

Economic analysis of the market for software vulnerability disclosure

The key issue addressed in this paper is whether movement towards a market-based mechanism for vulnerabilities leads to a better social outcome, by characterizing the behavior of software users, benign and malign identifiers (or hackers).

A practical approach to measuring assurance

  • G. Jelen, J. Williams
  • Computer Science, Political Science
    Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)
  • 1998
The definition of assurance permits high assurance to be associated with low security and high risk as well, and provides a way of deciding whether or not the assurance one has is sufficient.

Protecting Secret Data from Insider Attacks

This work investigates the problem of protecting secret data, assuming an attacker is inside a target network or has compromised a system, and proposes a solution, VAST, that uses large, structured files to improve the secure storage of valuable or secret data.

How Much Security Is Enough to Stop a Thief?: The Economics of Outsider Theft via Computer Systems and Networks

We address the question of how much security is required to protect a packaged system, installed in a large number of organizations, from thieves who would exploit a single vulnerability to attack