Decision Model for the Security and Utility Risk Evaluation (SURE) Framework

被引:0
|
作者
Billard, Angela K. [1 ]
机构
[1] Def Sci & Technol Grp, Edinburgh, SA, Australia
来源
PROCEEDINGS OF THE AUSTRALASIAN COMPUTER SCIENCE WEEK MULTICONFERENCE (ACSW 2019) | 2019年
关键词
Cyber security; utility; operational requirement; risk; mitigation strategy; trade off;
D O I
10.1145/3290688.3290694
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
The Security and Utility Risk Evaluation (SURE) framework is a framework for specifying and calculating risk to enable dynamic and autonomous decisions about cyber security and utility risk in generic computer-based systems. The SURE framework's decision model provides the ability to select between multiple alternative mitigation strategies in order to optimise security and utility risk during the operation of a system. This paper presents the decision model of the SURE framework and an example illustrating how the decision model operates in a mobile networking scenario. The example shows that the SURE framework's decision model enables a better fit than existing security decision models between the context of the requested action, security and utility requirements and the selected mitigation strategy, giving greater flexibility to both policy makers and users.
引用
收藏
页数:11
相关论文
共 50 条
  • [31] Evaluation of the Risk and Security Overlay of ArchiMate to model Information System Security Risks
    Mayer, Nicolas
    Feltus, Christophe
    [J]. PROCEEDINGS OF THE 2017 IEEE 21ST INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS AND DEMONSTRATIONS (EDOCW 2017), 2017, : 106 - 116
  • [32] Water security sustainability evaluation: Applying a multistage decision support framework in industrial region
    Nie, Ru-xin
    Tian, Zhang-peng
    Wang, Jian-qiang
    Zhang, Hong-yu
    Wang, Tie-li
    [J]. JOURNAL OF CLEANER PRODUCTION, 2018, 196 : 1681 - 1704
  • [33] A Security Practices Evaluation Framework
    Morrison, Patrick
    [J]. 2015 IEEE/ACM 37TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, VOL 2, 2015, : 935 - 938
  • [34] A FRAMEWORK FOR INFORMATION SECURITY EVALUATION
    VONSOLMS, R
    VANDEHAAR, H
    VONSOLMS, SH
    CAELLI, WJ
    [J]. INFORMATION & MANAGEMENT, 1994, 26 (03) : 143 - 153
  • [35] The REM framework for security evaluation
    Amato, Flora
    Casola, Valentina
    Mazzeo, Antonino
    Vittorini, Valeria
    [J]. ARES 2008: PROCEEDINGS OF THE THIRD INTERNATIONAL CONFERENCE ON AVAILABILITY, SECURITY AND RELIABILITY, 2008, : 1097 - 1103
  • [36] A measure of risk and a decision-making model based on expected utility and entropy
    Yang, JP
    Qiu, WH
    [J]. EUROPEAN JOURNAL OF OPERATIONAL RESEARCH, 2005, 164 (03) : 792 - 799
  • [37] Demo Abstract: SURE: An Experimentation and Evaluation Testbed for CPS Security and Resilience
    Neema, Himanshu
    Volgyesi, Peter
    Potteiger, Bradley
    Emfinger, William
    Koutsoukos, Xenofon
    Karsai, Gabor
    Vorobeychik, Yevgeniy
    Sztipanovits, Janos
    [J]. 2016 ACM/IEEE 7TH INTERNATIONAL CONFERENCE ON CYBER-PHYSICAL SYSTEMS (ICCPS), 2016,
  • [38] A checklist based evaluation framework to measure risk of information security management systems
    Mortazavi S.A.R.
    Safi-Esfahani F.
    [J]. International Journal of Information Technology, 2019, 11 (3) : 517 - 534
  • [39] A framework model for grid security
    Laccetti, G.
    Schmid, G.
    [J]. FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF GRID COMPUTING THEORY METHODS AND APPLICATIONS, 2007, 23 (05): : 702 - 713
  • [40] Research on Utility Evaluation of Grid Investment considering Risk Preference of Decision-Makers
    Wu, Hongliang
    Peng, Daoxin
    Wang, Ling
    [J]. MATHEMATICAL PROBLEMS IN ENGINEERING, 2020, 2020
12345