Making well-founded security investment decisions is hard: several alternatives may need to be considered, the space of alternatives is often diffuse, and many of the decision parameters being traded off are uncertain or incomplete. We cope with these challenges by proposing a method that supports decision makers in the process of making well-founded and balanced security investment decisions. The method has two fundamental ingredients, staging and learning, that fit into a continuous decision cycle. The method takes advantage of Real Options thinking, not only to select a decision option, but also to compound it with other options in following decision iterations, after reflection on the decision alternatives previously implemented. Additionally, our method is supported by the SecInvest tool for trade-off analysis, which considers decision parameters, including cost, risks, context (such as time-to-market and B2B trust), and expected benefits, when evaluating the various decision alternatives. The output of the tool, a fitness score for each decision alternative, makes it possible to compare the evaluations of the decision makers involved and to include learning and consequent adjustments of decision parameters. We demonstrate the method using an example with three decision alternatives.
Lecture Notes in Computer Science
To appear in the 5th International Symposium on Information Security (IS'2010 - On The Move Federated Conferences)
25-29 October 2010
- Extended Enterprise
- Bayesian Belief Network (BBN)
- Real Option Analysis
- Security Decision Support
- Security Economics