Title
A Multi-objective Decision Support Framework for Simulation-Based Security Control Selection
Abstract
In this paper, we report on our ongoing research on simulation-based information security risk assessment and multi-objective optimization of investment in security controls. We outline a methodological framework that accounts for characteristics of the organization, its information infrastructure, assets to be protected, the particular threat sources it faces, and the decision-makers' risk preferences. This framework comprises (i) ontological modeling of security knowledge, (ii) dynamic attack graph generation techniques, (iii) probabilistic simulation of attacks by goal-driven threat agents, (iv) meta-heuristic identification of efficient portfolios of information security controls, and (v) interactive decision support. These components facilitate novel techniques to infer possible routes of attacks and generate attack graphs based on attackers' motivation, objectives, capabilities, and available modes of entry and to use this inferred knowledge to simulate attacks on an organization's modeled infrastructure. The method supports decision makers evaluating potential security control investments in striking a balance between monetary and non-monetary criteria regarding risks, costs, and benefits. We are currently in the process of developing a prototypical implementation of the framework that will be used to evaluate the approach through application case studies.
Year: 2012
DOI: 10.1109/ARES.2012.70
Venue: ARES
Keywords: decision making, decision support systems, digital simulation, graph theory, interactive systems, multi-agent systems, ontologies (artificial intelligence), probability, risk management, security of data, asset protection, attack probabilistic simulation, decision-maker risk preference, dynamic attack graph generation techniques, goal-driven threat agents, information infrastructure, interactive decision support, multiobjective decision support framework, multiobjective optimization, organization characteristics, portfolio meta-heuristic identification, security knowledge ontological modeling, simulation-based information security risk assessment, simulation-based security control selection, threat sources, computational modeling, decision support systems, human factors, security and protection, simulation, systems analysis and design
Field: Data mining, Security controls, Asset (computer security), Computer security, Computer science, Information security, Security service, Information security management, Security information and event management, Threat, Security management
DocType: Conference
Citations: 0
PageRank: 0.34
References: 32
Authors: 3
Name | Order | Citations | PageRank
Elmar Kiesling | 1 | 82 | 11.47
Christine Strausb | 2 | 0 | 0.34
Christian Stummer | 3 | 567 | 39.96