{"title":"用博弈论衡量风险分析控制有效性的方法","authors":"Lisa Rajbhandari, E. Snekkenes","doi":"10.1109/STAST.2011.6059252","DOIUrl":null,"url":null,"abstract":"Security managers are facing problems choosing effective controls (countermeasures), as there is large number of controls at their disposal. Although the existing standards and methods provide guidance, they are not sufficiently comprehensive when it comes to deciding what attributes to look for and how to use them for determining the effectiveness of controls. The purpose of this paper is twofold: first we determine the attributes of controls and its measurement functions, in order to measure its effectiveness by means of Analytic Hierarchy Process (AHP). Secondly, we show how control metrics can be used by the analyst to make deployment decisions by means of Risk Analysis Using Game Theory (RAUGT). The approach is further validated by using a case study between a system owner who wants to determine the effectiveness of using the Password Testing System (PTS) to raise the bar for the attacker.","PeriodicalId":293851,"journal":{"name":"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"An approach to measure effectiveness of control for risk analysis with game theory\",\"authors\":\"Lisa Rajbhandari, E. Snekkenes\",\"doi\":\"10.1109/STAST.2011.6059252\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security managers are facing problems choosing effective controls (countermeasures), as there is large number of controls at their disposal. Although the existing standards and methods provide guidance, they are not sufficiently comprehensive when it comes to deciding what attributes to look for and how to use them for determining the effectiveness of controls. The purpose of this paper is twofold: first we determine the attributes of controls and its measurement functions, in order to measure its effectiveness by means of Analytic Hierarchy Process (AHP). Secondly, we show how control metrics can be used by the analyst to make deployment decisions by means of Risk Analysis Using Game Theory (RAUGT). The approach is further validated by using a case study between a system owner who wants to determine the effectiveness of using the Password Testing System (PTS) to raise the bar for the attacker.\",\"PeriodicalId\":293851,\"journal\":{\"name\":\"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)\",\"volume\":\"10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-11-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/STAST.2011.6059252\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/STAST.2011.6059252","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An approach to measure effectiveness of control for risk analysis with game theory
Security managers are facing problems choosing effective controls (countermeasures), as there is large number of controls at their disposal. Although the existing standards and methods provide guidance, they are not sufficiently comprehensive when it comes to deciding what attributes to look for and how to use them for determining the effectiveness of controls. The purpose of this paper is twofold: first we determine the attributes of controls and its measurement functions, in order to measure its effectiveness by means of Analytic Hierarchy Process (AHP). Secondly, we show how control metrics can be used by the analyst to make deployment decisions by means of Risk Analysis Using Game Theory (RAUGT). The approach is further validated by using a case study between a system owner who wants to determine the effectiveness of using the Password Testing System (PTS) to raise the bar for the attacker.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
