On metrics and prioritization of investments in hardware security

Cited by: 1
Authors
Collier, Zachary A. [1]
Briglia, Brett [2]
Finkelston, Tom [2]
Manasco, Mark C. [3]
Slutzky, David L. [2]
Lambert, James H. [2]
Affiliations
[1] Radford Univ, Radford, VA 24142 USA
[2] Univ Virginia, Charlottesville, VA USA
[3] Commonwealth Ctr Adv Logist Syst, Petersburg, VA USA
Funding
National Science Foundation (USA);
Keywords
hardware security; key performance indicators; return on security investment (ROSI); risk management; security economics; systems engineering; CYBER RISK;
DOI
10.1002/sys.21667
Chinese Library Classification
T [Industrial Technology];
Discipline classification code
08;
Abstract
The security risks posed by electronics are numerous. There are typically a variety of risk-reducing countermeasures for a given system or across an enterprise. Each countermeasure is associated with both a level of risk reduction and its lifecycle costs. Given budgetary constraints, risk managers and systems engineers must determine what combinations of countermeasures cost-effectively maximize risk reduction, and what metrics best guide the investment process. In this paper, we seek to answer these questions through exploration of risk reduction metrics from the field of security economics, including the benefit/cost ratio, return on security investment (ROSI), expected benefit of information security (EBIS), and expected net benefit of information security (ENBIS). The results suggest that ratio-based metrics are not strongly correlated with risk reduction, while EBIS is equivalent to risk reduction and ENBIS is equal to risk reduction minus cost.
Pages: 425-437
Number of pages: 13