Cost-effectiveness of Security Measures: A model-based Framework

Wolter Pieters, Christian W. Probst, Zofia Lukszo, L. Montoya

Research output: Chapter in Book/Report/Conference proceedingChapter

  • 6 Citations

Abstract

Recently, cyber security has become an important topic on the agenda of many organisations. It is already widely acknowledged that attacks do happen, and decision makers face the problem of how to respond. As it is almost impossible to secure a complex system completely, it is important to have an adequate estimate of the effectiveness of security measures when making investment decisions. Risk concepts are known in principle, but estimating the effectiveness of countermeasure proves to be difficult and cannot be achieved by qualitative approaches only. In this chapter, we consider the question of how to guarantee cost-effectiveness of security measures. We investigate the possibility of using existing frameworks and tools, the challenges in a security context as opposed to a safety context, and directions for future research.
LanguageUndefined
Title of host publicationApproaches and Processes for Managing the Economics of Information Systems
EditorsTheodosios Tsiakis, Theodorus Kargidis, Panagiotis Katsaros
Place of PublicationHershey, PA
PublisherIGI Global
Pages139-156
Number of pages18
ISBN (Print)978-1-4666-4983-5
DOIs
StatePublished - Jan 2014

Publication series

Name
PublisherIGI Global

Keywords

  • SCS-Cybersecurity
  • EC Grant Agreement nr.: FP7/2007-2013
  • EC Grant Agreement nr.: FP7/261696
  • METIS-297693
  • EWI-23426
  • IR-86287
  • EC Grant Agreement nr.: FP7/318003

Cite this

Pieters, W., Probst, C. W., Lukszo, Z., & Montoya, L. (2014). Cost-effectiveness of Security Measures: A model-based Framework. In T. Tsiakis, T. Kargidis, & P. Katsaros (Eds.), Approaches and Processes for Managing the Economics of Information Systems (pp. 139-156). Hershey, PA: IGI Global. DOI: 10.4018/978-1-4666-4983-5.ch009
Pieters, Wolter ; Probst, Christian W. ; Lukszo, Zofia ; Montoya, L./ Cost-effectiveness of Security Measures: A model-based Framework. Approaches and Processes for Managing the Economics of Information Systems. editor / Theodosios Tsiakis ; Theodorus Kargidis ; Panagiotis Katsaros. Hershey, PA : IGI Global, 2014. pp. 139-156
@inbook{97da2b2e6a12423f9bbba6f0a1cdddda,
title = "Cost-effectiveness of Security Measures: A model-based Framework",
abstract = "Recently, cyber security has become an important topic on the agenda of many organisations. It is already widely acknowledged that attacks do happen, and decision makers face the problem of how to respond. As it is almost impossible to secure a complex system completely, it is important to have an adequate estimate of the effectiveness of security measures when making investment decisions. Risk concepts are known in principle, but estimating the effectiveness of countermeasure proves to be difficult and cannot be achieved by qualitative approaches only. In this chapter, we consider the question of how to guarantee cost-effectiveness of security measures. We investigate the possibility of using existing frameworks and tools, the challenges in a security context as opposed to a safety context, and directions for future research.",
keywords = "SCS-Cybersecurity, EC Grant Agreement nr.: FP7/2007-2013, EC Grant Agreement nr.: FP7/261696, METIS-297693, EWI-23426, IR-86287, EC Grant Agreement nr.: FP7/318003",
author = "Wolter Pieters and Probst, {Christian W.} and Zofia Lukszo and L. Montoya",
note = "Foreground = 100{\%}; Type of activity = Publication; Main leader = UT; Type of audience = scientific community; Size of audience = n.a.; Countries addressed = international;",
year = "2014",
month = "1",
doi = "10.4018/978-1-4666-4983-5.ch009",
language = "Undefined",
isbn = "978-1-4666-4983-5",
publisher = "IGI Global",
pages = "139--156",
editor = "Theodosios Tsiakis and Theodorus Kargidis and Panagiotis Katsaros",
booktitle = "Approaches and Processes for Managing the Economics of Information Systems",

}

Pieters, W, Probst, CW, Lukszo, Z & Montoya, L 2014, Cost-effectiveness of Security Measures: A model-based Framework. in T Tsiakis, T Kargidis & P Katsaros (eds), Approaches and Processes for Managing the Economics of Information Systems. IGI Global, Hershey, PA, pp. 139-156. DOI: 10.4018/978-1-4666-4983-5.ch009

Cost-effectiveness of Security Measures: A model-based Framework. / Pieters, Wolter; Probst, Christian W.; Lukszo, Zofia; Montoya, L.

Approaches and Processes for Managing the Economics of Information Systems. ed. / Theodosios Tsiakis; Theodorus Kargidis; Panagiotis Katsaros. Hershey, PA : IGI Global, 2014. p. 139-156.

Research output: Chapter in Book/Report/Conference proceedingChapter

TY - CHAP

T1 - Cost-effectiveness of Security Measures: A model-based Framework

AU - Pieters,Wolter

AU - Probst,Christian W.

AU - Lukszo,Zofia

AU - Montoya,L.

N1 - Foreground = 100%; Type of activity = Publication; Main leader = UT; Type of audience = scientific community; Size of audience = n.a.; Countries addressed = international;

PY - 2014/1

Y1 - 2014/1

N2 - Recently, cyber security has become an important topic on the agenda of many organisations. It is already widely acknowledged that attacks do happen, and decision makers face the problem of how to respond. As it is almost impossible to secure a complex system completely, it is important to have an adequate estimate of the effectiveness of security measures when making investment decisions. Risk concepts are known in principle, but estimating the effectiveness of countermeasure proves to be difficult and cannot be achieved by qualitative approaches only. In this chapter, we consider the question of how to guarantee cost-effectiveness of security measures. We investigate the possibility of using existing frameworks and tools, the challenges in a security context as opposed to a safety context, and directions for future research.

AB - Recently, cyber security has become an important topic on the agenda of many organisations. It is already widely acknowledged that attacks do happen, and decision makers face the problem of how to respond. As it is almost impossible to secure a complex system completely, it is important to have an adequate estimate of the effectiveness of security measures when making investment decisions. Risk concepts are known in principle, but estimating the effectiveness of countermeasure proves to be difficult and cannot be achieved by qualitative approaches only. In this chapter, we consider the question of how to guarantee cost-effectiveness of security measures. We investigate the possibility of using existing frameworks and tools, the challenges in a security context as opposed to a safety context, and directions for future research.

KW - SCS-Cybersecurity

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - EC Grant Agreement nr.: FP7/261696

KW - METIS-297693

KW - EWI-23426

KW - IR-86287

KW - EC Grant Agreement nr.: FP7/318003

U2 - 10.4018/978-1-4666-4983-5.ch009

DO - 10.4018/978-1-4666-4983-5.ch009

M3 - Chapter

SN - 978-1-4666-4983-5

SP - 139

EP - 156

BT - Approaches and Processes for Managing the Economics of Information Systems

PB - IGI Global

CY - Hershey, PA

ER -

Pieters W, Probst CW, Lukszo Z, Montoya L. Cost-effectiveness of Security Measures: A model-based Framework. In Tsiakis T, Kargidis T, Katsaros P, editors, Approaches and Processes for Managing the Economics of Information Systems. Hershey, PA: IGI Global. 2014. p. 139-156. Available from, DOI: 10.4018/978-1-4666-4983-5.ch009