Imperial College London

Professor Christopher Hankin

Faculty of Engineering, Department of Computing

Professor of Computing
 
 
 
Contact

 

c.hankin Website

 
 
Location

 

Sherfield Building, South Kensington Campus

Publications

Citation

BibTeX format

@article{Fielder:2015,
author = {Fielder, A and Panaousis, E and Malacaria, P and Hankin, C and Smeraldi, F},
title = {Comparing Decision Support Approaches for Cyber Security Investment},
url = {http://arxiv.org/abs/1502.05532v1},
year = {2015}
}

RIS format (EndNote, RefMan)

TY  - JOUR
AB - When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision-support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation and a hybrid of the two. Our modelling starts by building a framework where we can investigate the effectiveness of a cyber security control regarding the protection of different assets seen as targets in presence of commodity threats. In terms of game theory we consider a 2-person control game between the security manager who has to choose among different implementation levels of a cyber security control, and a commodity attacker who chooses among different targets to attack. The pure game theoretical methodology consists of a large game including all controls and all threats. In the hybrid methodology the game solutions of individual control-games along with their direct costs (e.g. financial) are combined with a knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation technique consists of a multi-objective multiple choice knapsack based strategy. We compare these approaches on a case study that was built on SANS top critical controls. The main achievements of this work is to highlight the weaknesses and strengths of different investment methodologies for cyber security, the benefit of their interaction, and the impact that indirect costs have on cyber security investment.
AU - Fielder,A
AU - Panaousis,E
AU - Malacaria,P
AU - Hankin,C
AU - Smeraldi,F
PY - 2015///
TI - Comparing Decision Support Approaches for Cyber Security Investment
UR - http://arxiv.org/abs/1502.05532v1
ER -