Title :
Improving security decision under uncertainty: A multidisciplinary approach
Author :
Dehghanniri, Hashem ; Letier, Emmanuel ; Borrion, Herve
Author_Institution :
Dept. of Security & Crime Sci., Univ. Coll. London, London, UK
Abstract :
Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders´ goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.
Keywords :
decision making; risk management; security of data; software engineering; crime science; identity theft; modelling language; quantitative decision analysis; risk assessment; security decision-making; security risk; security threat; software engineering; Companies; Credit cards; Decision making; Risk management; Security; Uncertainty; crime script; decision-making; identity theft; requirements engineering; risk; security; uncertainty;
Conference_Titel :
Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015 International Conference on
Conference_Location :
London
DOI :
10.1109/CyberSA.2015.7166134
