改进不确定性下的安全决策:多学科方法

2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) Pub Date : 2015-06-08 DOI:10.1109/CyberSA.2015.7166134

Hashem Dehghanniri, Emmanuel Letier, H. Borrion

{"title":"改进不确定性下的安全决策:多学科方法","authors":"Hashem Dehghanniri, Emmanuel Letier, H. Borrion","doi":"10.1109/CyberSA.2015.7166134","DOIUrl":null,"url":null,"abstract":"Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.","PeriodicalId":432356,"journal":{"name":"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)","volume":"119 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Improving security decision under uncertainty: A multidisciplinary approach\",\"authors\":\"Hashem Dehghanniri, Emmanuel Letier, H. Borrion\",\"doi\":\"10.1109/CyberSA.2015.7166134\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.\",\"PeriodicalId\":432356,\"journal\":{\"name\":\"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)\",\"volume\":\"119 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-06-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSA.2015.7166134\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2015.7166134","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

安全决策是处理影响系统或流程的安全威胁的关键任务。它通常涉及选择合适的解决操作来处理已识别的安全风险。为了支持这个选择过程，决策者应该能够评估和比较可用的决策选项。本文介绍了一种建模语言，可用于表示解决行动对涉众目标、犯罪过程和攻击者的影响。为了达到这一目标，我们开发了一个多学科框架，结合了软件工程、犯罪科学、风险评估和定量决策分析等领域的现有知识。通过一个身份盗窃案例的应用来说明该框架。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Improving security decision under uncertainty: A multidisciplinary approach

Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)

自引率

0.00%

发文量