Decision Model for the Security and Utility Risk Evaluation (SURE) Framework

被引:0
|
作者
Billard, Angela K. [1 ]
机构
[1] Def Sci & Technol Grp, Edinburgh, SA, Australia
来源
PROCEEDINGS OF THE AUSTRALASIAN COMPUTER SCIENCE WEEK MULTICONFERENCE (ACSW 2019) | 2019年
关键词
Cyber security; utility; operational requirement; risk; mitigation strategy; trade off;
D O I
10.1145/3290688.3290694
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
The Security and Utility Risk Evaluation (SURE) framework is a framework for specifying and calculating risk to enable dynamic and autonomous decisions about cyber security and utility risk in generic computer-based systems. The SURE framework's decision model provides the ability to select between multiple alternative mitigation strategies in order to optimise security and utility risk during the operation of a system. This paper presents the decision model of the SURE framework and an example illustrating how the decision model operates in a mobile networking scenario. The example shows that the SURE framework's decision model enables a better fit than existing security decision models between the context of the requested action, security and utility requirements and the selected mitigation strategy, giving greater flexibility to both policy makers and users.
引用
收藏
页数:11
相关论文
共 50 条
  • [1] IT security auditing: A performance evaluation decision model
    Herath, Hemantha S. B.
    Herath, Tejaswini C.
    [J]. DECISION SUPPORT SYSTEMS, 2014, 57 : 54 - 63
  • [2] SECURITY LEVEL, POTENTIAL LEVEL, EXPECTED UTILITY - A 3-CRITERIA DECISION-MODEL UNDER RISK
    COHEN, M
    [J]. THEORY AND DECISION, 1992, 33 (02) : 101 - 134
  • [3] Evaluation Framework for Electric Vehicle Security Risk Assessment
    Shirvani, Soheil
    Baseri, Yaser
    Ghorbani, Ali
    [J]. IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS, 2024, 25 (01) : 33 - 56
  • [4] A decision model based security risk management approach
    Bhattacharya, Somak
    Ghosh, S. K.
    [J]. IMECS 2008: INTERNATIONAL MULTICONFERENCE OF ENGINEERS AND COMPUTER SCIENTISTS, VOLS I AND II, 2008, : 1194 - 1199
  • [5] Bayesian Decision Network-Based Security Risk Management Framework
    Masoud Khosravi-Farmad
    Abbas Ghaemi-Bafghi
    [J]. Journal of Network and Systems Management, 2020, 28 : 1794 - 1819
  • [6] Bayesian Decision Network-Based Security Risk Management Framework
    Khosravi-Farmad, Masoud
    Ghaemi-Bafghi, Abbas
    [J]. JOURNAL OF NETWORK AND SYSTEMS MANAGEMENT, 2020, 28 (04) : 1794 - 1819
  • [7] A knowledge-based alert evaluation and security decision support framework
    Yu, JQ
    Reddy, R
    Selliah, S
    Reddy, S
    [J]. SAM '05: Proceedings of the 2005 International Conference on Security and Management, 2005, : 194 - 200
  • [8] A Dynamic Obfuscation Framework for Security and Utility
    Wintenberg, Andrew
    Blischke, Matthew
    Lafortune, Stephane
    Ozay, Necmiye
    [J]. 2022 13TH ACM/IEEE INTERNATIONAL CONFERENCE ON CYBER-PHYSICAL SYSTEMS (ICCPS 2022), 2022, : 236 - 246
  • [9] Security risk factors: ANP model for risk management decision making
    Brozova, Helena
    Rydval, Jan
    Sup, Libor
    Sadok, Moufida
    Bednar, Peter
    [J]. 33RD INTERNATIONAL CONFERENCE MATHEMATICAL METHODS IN ECONOMICS (MME 2015), 2015, : 74 - 79
  • [10] Evaluation and Analysis on Security Framework Model of Cloud Computing
    Li, Zhao
    [J]. PROCEEDINGS OF THE 2015 4TH INTERNATIONAL CONFERENCE ON COMPUTER, MECHATRONICS, CONTROL AND ELECTRONIC ENGINEERING (ICCMCEE 2015), 2015, 37 : 572 - 578
12345