Combining Technical and Financial Impacts for Countermeasure Selection

Gustavo Gonzalez-Granadillo
(Institut Mines-Télécom, Télécom SudParis, CNRS UMR 5157 SAMOVAR, France)
Christophe Ponchel
(Cassidian CyberSecurity, France)
Gregory Blanc
(Institut Mines-Télécom, Télécom SudParis, CNRS UMR 5157 SAMOVAR, France)
Hervé Debar
(Institut Mines-Télécom, Télécom SudParis, CNRS UMR 5157 SAMOVAR, France)

Research in information security has generally focused on providing a comprehensive interpretation of threats, vulnerabilities, and attacks, in particular to evaluate their danger and prioritize responses accordingly. Most of the current approaches propose advanced techniques to detect intrusions and complex attacks but few of these approaches propose well defined methodologies to react against a given attack. In this paper, we propose a novel and systematic method to select security countermeasures from a pool of candidates, by ranking them based on the technical and financial impact associated to each alternative. The method includes industrial evaluation and simulations of the impact associated to a given security measure which allows to compute the return on response investment for different candidates. A simple case study is proposed at the end of the paper to show the applicability of the model.

In Joaquin Garcia-Alfaro and Gürkan Gür: Proceedings 2014 International Workshop on Advanced Intrusion Detection and Prevention (AIDP 2014), Marrakesh, Morocco, June 2014, Electronic Proceedings in Theoretical Computer Science 165, pp. 1–14.
Published: 13th October 2014.

ArXived at: bibtex PDF
References in reconstructed bibtex, XML and HTML format (approximated).
Comments and questions to:
For website issues: