The navigation metaphor in security economics

Wolter Pieters; Jeroen Barendse; Margaret Ford; Claude P.R. Heath; Christian W. Probst; Ruud Verbij

doi:10.1109/MSP.2016.47

The navigation metaphor in security economics

Wolter Pieters, Jeroen Barendse, Margaret Ford, Claude P.R. Heath, Christian W. Probst, Ruud Verbij

Research output: Contribution to journal › Article › Academic › peer-review

4 Citations (Scopus)

Abstract

The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of navigation makes it easier to motivate and explain security investment to a wide audience, encouraging strategic security decisions.

Original language	Undefined
Pages (from-to)	14-21
Number of pages	8
Journal	IEEE security & privacy
Volume	14
Issue number	3
DOIs	https://doi.org/10.1109/MSP.2016.47
Publication status	Published - 25 May 2016

Keywords

cyberattacks
attacker profiles
attack navigators
EWI-27181
security models
Navigation
Internet/Web technologies
hackers
EC Grant Agreement nr.: FP7/318003
METIS-318506
Visualization
IR-101092
E-commerce
Security
Security Economics
EC Grant Agreement nr.: FP7/2007-2013

Access to Document

10.1109/MSP.2016.47

http://eprints.eemcs.utwente.nl/secure2/27181/01/07478534.pdf

Cite this

@article{30a098e6dcb34adc83d37f203be893ad,

title = "The navigation metaphor in security economics",

abstract = "The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of navigation makes it easier to motivate and explain security investment to a wide audience, encouraging strategic security decisions.",

keywords = "cyberattacks, attacker profiles, attack navigators, EWI-27181, security models, Navigation, Internet/Web technologies, hackers, EC Grant Agreement nr.: FP7/318003, METIS-318506, Visualization, IR-101092, E-commerce, Security, Security Economics, EC Grant Agreement nr.: FP7/2007-2013",

author = "Wolter Pieters and Jeroen Barendse and Margaret Ford and Heath, {Claude P.R.} and Probst, {Christian W.} and Ruud Verbij",

note = "eemcs-eprint-27181 ",

year = "2016",

month = may,

day = "25",

doi = "10.1109/MSP.2016.47",

language = "Undefined",

volume = "14",

pages = "14--21",

journal = "IEEE security & privacy",

issn = "1540-7993",

publisher = "IEEE",

number = "3",

}

TY - JOUR

T1 - The navigation metaphor in security economics

AU - Pieters, Wolter

AU - Barendse, Jeroen

AU - Ford, Margaret

AU - Heath, Claude P.R.

AU - Probst, Christian W.

AU - Verbij, Ruud

N1 - eemcs-eprint-27181

PY - 2016/5/25

Y1 - 2016/5/25

N2 - The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of navigation makes it easier to motivate and explain security investment to a wide audience, encouraging strategic security decisions.

AB - The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of navigation makes it easier to motivate and explain security investment to a wide audience, encouraging strategic security decisions.

KW - cyberattacks

KW - attacker profiles

KW - attack navigators

KW - EWI-27181

KW - security models

KW - Navigation

KW - Internet/Web technologies

KW - hackers

KW - EC Grant Agreement nr.: FP7/318003

KW - METIS-318506

KW - Visualization

KW - IR-101092

KW - E-commerce

KW - Security

KW - Security Economics

KW - EC Grant Agreement nr.: FP7/2007-2013

U2 - 10.1109/MSP.2016.47

DO - 10.1109/MSP.2016.47

M3 - Article

VL - 14

SP - 14

EP - 21

JO - IEEE security & privacy

JF - IEEE security & privacy

SN - 1540-7993

IS - 3

ER -