Return on Security Investment Against Cyber Attacks on Availability (original) (raw)

Abstract

As it is getting more important to support stabilized secure services, many organizations increase the security investment to protect their assets and clients from cyber attacks. The purpose of this paper is to suggest a guideline for security managers to select a set of the security countermeasures that mitigates damages from availability attacks in a cost-effective manner. We present a sys-tematic approach to the risk analysis against availability attacks and demonstrate countermeasure benefit estimations. The risk analysis consists of three procedures: Service Value Analysis, Threat Analysis, and Countermeasure Analysis. As the outcome of the procedures, our approach produces quantitative benefit analysis for each countermeasure against availability attacks. We have applied a simulation tool developed to implement the approach to VoIP(Voice over Internet Protocol) services and the result is also presented.

Preview

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

• Congressional Research Service, The Economic Impact of Cyber-Attacks, CRS Report for Congress (April 2004)
  Google Scholar
• Sahinoglu, M.: Security Meter: A Practical Decision-Tree Model to Quan-tify Risk. In: IEEE Security & Privacy. IEEE Computer Society, Los Alamitos (2005)
  Google Scholar
• Butler, S.: Security Attribute Evaluation Method: A Cost-Benefit Approach. In: Proceedings of International Conference on Software Engineering (2002)
  Google Scholar
• Cavusoglu, H., Mishra, B., Raghunathan, S.: A Model for Evaluating IT Security Investments. Communications of the ACM 47(7) (July 2004)
  Google Scholar
• ITU-T Recommendation X.805 and its application to NGN, ITU/IETF Work- shop on NGN (2005)
  Google Scholar
• National Institute of Standards and Technology, Special Publications: Risk Management Guide (DRAFT) (June 2001)
  Google Scholar
• Multiservice Switching Forum, Next-Generation VoIP Network Architecture, MSF Technical Report (March 2003)
  Google Scholar
• Conrad, J.: Analyzing the Risks of Information Security Investments with Monte-Carlo Simulation. In: Fourth Workshop on the Economics of Information Security (June 2005)
  Google Scholar

Download references

Author information

Authors and Affiliations

1. Dept. of Computer Science and Engineering, University of Incheon, Incheon, 402-749, Republic of Korea
   Byoung Joon Min & Seung Hwan Yoo
2. Electronics and Telecommunications Research Institute, Daejeon, 305-350, Republic of Korea
   Jong Ho Ryu & Dong Il Seo

Authors

1. Byoung Joon Min
2. Seung Hwan Yoo
3. Jong Ho Ryu
4. Dong Il Seo

Editor information

Editors and Affiliations

1. Department of Computer Science, University of Calgary, 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada
   Marina L. Gavrilova
2. Department of Mathematics and Computer Science, University of Perugia, via Vanvitelli, 1, I-06123, Perugia, Italy
   Osvaldo Gervasi
3. William Norris Professor, Head of the Computer Science and Engineering Department, University of Minnesota, USA
   Vipin Kumar
4. OptimaNumerics Ltd., Cathedral House, 23-31 Waring Street, BT1 2DX, Belfast, UK
   C. J. Kenneth Tan
5. Clayton School of IT, Monash University, 3800, Clayton, Australia
   David Taniar
6. Department of Chemistry, University of Perugia, Via Elce di Sotto, 8, I-06123, Perugia, Italy
   Antonio Laganá
7. School of Computing, Soongsil University, Seoul, Korea
   Youngsong Mun
8. School of Information and Communication Engineering, Sungkyunkwan University, Korea
   Hyunseung Choo

Rights and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Min, B.J., Yoo, S.H., Ryu, J.H., Seo, D.I. (2006). Return on Security Investment Against Cyber Attacks on Availability. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3981. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751588\_29

Download citation

• .RIS
• .ENW
• .BIB
• DOI: https://doi.org/10.1007/11751588\_29
• Publisher Name: Springer, Berlin, Heidelberg
• Print ISBN: 978-3-540-34072-0
• Online ISBN: 978-3-540-34074-4
• eBook Packages: Computer ScienceComputer Science (R0)Springer Nature Proceedings Computer Science

Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Publish with us