Assessing the value of investments in network security operations remains a challenging problem. We suggest that an essential component of an analysis of this problem must be an account of the structure of the system/network and the services it is intended to deliver. We apply the methods of classical applied mathematics - using tools drawn from algebra, logic, probability theory, and theoretical computer science - to represent systems, services, and information flows in order to assess the value of network and security operations deployed in response to environmental threats and the requirements of business alignment. We use Monte Carlo experimentation to explore the levels of investment in, and trade-offs between, operations staff and security control devices necessary to maintain network availability of value determined by a given Service Level Agreement. We conclude that our methods deliver useful analyses and identify necessary future work required properly to integrate models of spatially distributed networks, stochastic environmental behaviour, and system value. Publication Info: Workshop on the Economics of Information Security, Carnegie Mellon University, Pittsburgh, PA,USA, June 7-8, 2007 31 Pages
PDF
download
878987797
028-85220240
