科技报告详细信息
Systems Modelling for Economic Analyses of Security Investments: A Case
Baldwin, Adrian ; Casassa Mont, Marco ; Pym, David ; Shiu, Simon
HP Development Company
关键词: security analytics;    identity management;    economics;   
RP-ID  :  HPL-2009-173
学科分类:计算机科学(综合)
美国|英语
来源: HP Labs
PDF
【 摘 要 】

Identity and Access Management (IAM) is a key issue for systems security managers such as CISOs. More specifically, it is a difficult problem to understand how different investments in people, process, and technology affect the intended security outcomes. We position this problem within the framework of optimal control models in macroeconomics, and use a process model to understand the dynamics of the utility of possible trade-offs between investment, access, and security incidents (breaches). A utility function is used to express the security manager's IAM preferences, and the functional behaviour of its components is described via a process model. Executing our process model as Monte Carlo simulations, we illustrate the behaviour of the utility function for varying levels of investment and threat, and so provide the beginnings of a decision-support tool for systems security managers.

【 预 览 】
附件列表
Files Size Format View
RO201804100002640LZ 203KB PDF download
  文献评价指标  
  下载次数:18次 浏览次数:75次