On a multi-dimensional framework for information security management

Research output: Chapters, Conference Papers, Creative and Literary Works; RGC 32 - Refereed conference paper (with host publication); peer-review

Detail(s)

Original language: English
Title of host publication: 2008 Workshop on Information Technologies and Systems, WITS 2008
Publisher: Social Science Research Network
Pages: 169-175
Publication status: Published - 2008
Externally published: Yes

Conference

Title: 2008 Workshop on Information Technologies and Systems, WITS 2008
Place: France
City: Paris
Period: 13 - 14 December 2008

Abstract

This paper analyzes interactions between a firm that seeks to dynamically choose the risk associated with a security system and hackers who seek to compromise it. We formulate the problem using an analytical model in which the level of system vulnerability at any point in time potentially affects a variety of risk factors that are balanced to provide a multi-dimensional approach to information security management. The approach not only considers conventional factors such as detection rate and false positive rate, but also includes factors that account for hacker attack behavior and learning that occurs in response to actions taken by the firm to manage system risk. System vulnerability can be lowered by increasing the system's discrimination ability (i.e., the ability to distinguish between attacks and normal usage). The discrimination ability deteriorates due to changes in the domain and through the dissemination of information about the system's vulnerabilities among hackers. The problem is solved to reveal the presence of a steady-state solution, one in which the level of system discrimination ability is held constant. We provide insights into managing various dimensions of risk in a consolidated risk management framework.

Citation Format(s)

On a multi-dimensional framework for information security management. / Bensoussan, Alain; Mookerjee, Radha; Mookerjee, Vijay et al.
2008 Workshop on Information Technologies and Systems, WITS 2008. Social Science Research Network, 2008. p. 169-175.
