Visible to the public Improving security decision under uncertainty: A multidisciplinary approach

Submitted by grigby1 on Tue, 03/07/2017 - 12:43pm
TitleImproving security decision under uncertainty: A multidisciplinary approach
Publication TypeConference Paper
Year of Publication2015
AuthorsDehghanniri, H., Letier, E., Borrion, H.
Conference Name2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
Date PublishedJune 2015
PublisherIEEE
ISBN Number978-0-9932-3380-7
KeywordsCompanies, Credit cards, crime science, crime script, decision making, decision-making, identity theft, modelling language, pubcrawl170109, quantitative decision analysis, requirements engineering, risk, risk assessment, risk management, security, security decision-making, security of data, security risk, security threat, software engineering, Uncertainty
Abstract

Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.
URLhttps://ieeexplore.ieee.org/document/7166134
DOI10.1109/CyberSA.2015.7166134
Citation Keydehghanniri_improving_2015
Groups: