Title :
Risk-based cost-benefit analysis for security assessment problems
Author :
Wyss, Gregory D. ; Clem, John F. ; Darby, John L. ; Dunphy-Guzman, Katherine ; Hinton, John P. ; Mitchiner, Kim W.
Author_Institution :
Sandia Nat. Labs., Albuquerque, NM, USA
Abstract :
Decision-makers want to perform risk-based cost-benefit prioritization of security investments. However, strong nonlinearities in the most common physical security performance metric make it difficult to use for cost-benefit analysis. This paper extends the definition of risk for security applications and embodies this definition in a new but related security risk metric based on the degree of difficulty an adversary will encounter to successfully execute the most advantageous attack scenario. This metric is compatible with traditional cost-benefit optimization algorithms, and can lead to an objective risk-based cost-benefit method for security investment option prioritization. It also enables decision-makers to more effectively communicate the justification for their investment decisions with stakeholders and funding authorities.
Keywords :
cost-benefit analysis; investment; optimisation; risk analysis; security of data; software performance evaluation; cost-benefit optimization algorithm; physical security performance metric; risk-based cost-benefit analysis; risk-based cost-benefit prioritization; security assessment problem; security investment option prioritization; Game theory; Games; Investments; Laboratories; Measurement; Risk management; Security; Security risk; cost-benefit optimization; risk management;
Conference_Titel :
Security Technology (ICCST), 2010 IEEE International Carnahan Conference on
Conference_Location :
San Jose, CA
Print_ISBN :
978-1-4244-7403-5
DOI :
10.1109/CCST.2010.5678687
