Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modelling of cyber attacks and economic incentives Per Håkon Meland

Published byNeil Gilmore Modified over 6 years ago

Similar presentations

Presentation on theme: "Modelling of cyber attacks and economic incentives Per Håkon Meland"— Presentation transcript:

1 Modelling of cyber attacks and economic incentives Per Håkon Meland

2 Main: How can threat models in combination with economic incentives improve cyber risk quantifications? Which economic incentive models can be used to improve the likelihood component in cyber risk estimations? (descriptive) What kind of data can be used as reliable input to models for economic incentives? What are the possible sources of such data (current and future)? How can generic threat models (and data) be specialized for individual organisations and/or domains? (normative) How can cyber security be combined with traditional safety considerations in domain specific threat modelling techniques? (normative) How can threat models be used to balance risk treatment options such as cyber insurance? (normative) How can specific threat models contribute to predications for macro- economic cyber risks? RQs

3 Design science research
Background Security economics, e.g.: Ross Andersson and Tyler Moore, The Economics of Information Security, Science, 2006. Rainer Böhme and Gaile Schwartz, Modeling cyber- insurance: Towards a unifying framework, WEIS, 2010 Tyler Moore, Richard Clayton, and Ross Anderson. The economics of online crime. Journal of Economic Perspectives, 2009 Threat modelling, e.g.: Bagnato, A., Kordy, B., Meland, P. H., & Schweitzer, P. (2012). Attribute decoration of attack–defense trees. International Journal of Secure Software Engineering Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons. Chen, Y., Boehm, B., & Sheppard, L. (2007, January). Value driven security threat modeling based on attack path analysis. HICSS 2007. New artefact based on real-world problem Problem identification Literature research Interviews with stakeholders Solution design Mixed approach data collection Literature research II Evaluation Expert survey Laboratory experiment Case study

Download ppt "Modelling of cyber attacks and economic incentives Per Håkon Meland"

Similar presentations

Software Security Growth Modeling: Examining Vulnerabilities with Reliability Growth Models Andy Ozment Computer Security Group Computer Laboratory University.

Software Security Growth Modeling: Examining Vulnerabilities with Reliability Growth Models Andy Ozment Computer Security Group Computer Laboratory University.
CAP 252 Lecture Topic: Requirement Analysis Class Exercise: Use Cases.

CAP 252 Lecture Topic: Requirement Analysis Class Exercise: Use Cases.
Trust, Privacy, and Security Moderator: Bharat Bhargava Purdue University.

Trust, Privacy, and Security Moderator: Bharat Bhargava Purdue University.
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.

R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
Review of the module: History of Computing ANU Faculty of Engineering and IT Department of Computer Science COMP1200 Perspectives on Computing Chris Johnson.

Review of the module: History of Computing ANU Faculty of Engineering and IT Department of Computer Science COMP1200 Perspectives on Computing Chris Johnson.
Technische Universität München The influence of software quality requirements on the suitability of software cost estimation methods 24th International.

Technische Universität München The influence of software quality requirements on the suitability of software cost estimation methods 24th International.
COTS Based System Security Economics - A Stakeholder/Value Centric Approach Related tool demo session: COTS Based System Security Test-bed (Tiramisu) Tuesday.

COTS Based System Security Economics - A Stakeholder/Value Centric Approach Related tool demo session: COTS Based System Security Test-bed (Tiramisu) Tuesday.
Process management Basic concepts and stat-of-the art research.

Process management Basic concepts and stat-of-the art research.
What is Business Analysis Planning & Monitoring?

What is Business Analysis Planning & Monitoring?
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:
Lecture 2 Risk Management Process 1. Risk management It paves the path for project management. It results in analysis of external & internal situations.

Lecture 2 Risk Management Process 1. Risk management It paves the path for project management. It results in analysis of external & internal situations.
CSCE 548 Secure Software Development Test 1 Review.

CSCE 548 Secure Software Development Test 1 Review.
Chapter 5: Requirement Engineering Process Omar Meqdadi SE 2730 Lecture 5 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.

Chapter 5: Requirement Engineering Process Omar Meqdadi SE 2730 Lecture 5 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
Implementing ‘quality assurance procedures’ in monetary and financial statistics (MFS) Q2014 - European conference on quality in statistics Vienna, 3 June.

Implementing ‘quality assurance procedures’ in monetary and financial statistics (MFS) Q European conference on quality in statistics Vienna, 3 June.
Introduction to MAST Kristian Kidholm Odense University Hospital, Denmark.

Introduction to MAST Kristian Kidholm Odense University Hospital, Denmark.
Deliverable 2.6: Selective Editing Hannah Finselbach 1 and Orietta Luzi 2 1 ONS, UK 2 ISTAT, Italy.

Deliverable 2.6: Selective Editing Hannah Finselbach 1 and Orietta Luzi 2 1 ONS, UK 2 ISTAT, Italy.
Requirements Engineering ments_analysis.

Requirements Engineering ments_analysis.
Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.

Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.
Identifying needs and establishing requirements Data gathering for requirements.

Identifying needs and establishing requirements Data gathering for requirements.
Nuclear Research and consultancy Group European Radiation Survey Site Execution Manual Leo van Velzen ENVIRONET Kick-off meeting Vienna 23 – 26 November.

Nuclear Research and consultancy Group European Radiation Survey Site Execution Manual Leo van Velzen ENVIRONET Kick-off meeting Vienna 23 – 26 November.

Similar presentations

Ads by Google