Modelling of cyber attacks and economic incentives
Per Håkon Meland


RQs

Main: How can threat models in combination with economic incentives improve cyber risk quantifications?

- Which economic incentive models can be used to improve the likelihood component in cyber risk estimations? (descriptive)
- What kind of data can be used as reliable input to models for economic incentives? What are the possible sources of such data (current and future)?
- How can generic threat models (and data) be specialized for individual organisations and/or domains? (normative)
- How can cyber security be combined with traditional safety considerations in domain specific threat modelling techniques? (normative)
- How can threat models be used to balance risk treatment options such as cyber insurance? (normative)
- How can specific threat models contribute to predictions for macro-economic cyber risks?

Design science research

Background

Security economics, e.g.:
- Ross Anderson and Tyler Moore, The Economics of Information Security, Science, 2006.
- Rainer Böhme and Galina Schwartz, Modeling cyber-insurance: Towards a unifying framework, WEIS, 2010.
- Tyler Moore, Richard Clayton, and Ross Anderson, The economics of online crime, Journal of Economic Perspectives, 2009.

Threat modelling, e.g.:
- Bagnato, A., Kordy, B., Meland, P. H., & Schweitzer, P. (2012). Attribute decoration of attack–defense trees. International Journal of Secure Software Engineering.
- Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons.
- Chen, Y., Boehm, B., & Sheppard, L. (2007, January). Value driven security threat modeling based on attack path analysis. HICSS 2007.

New artefact based on real-world problem

- Problem identification: literature research; interviews with stakeholders
- Solution design: mixed approach data collection; literature research II
- Evaluation: expert survey; laboratory experiment; case study