Assessing the value of investments in network security operations remains a challenging problem. We suggest that an essential component of an analysis of this problem must be an account of the structure of the system/network and the services it is intended to deliver. We apply the methods of classical applied mathematics, using tools drawn from algebra, logic, probability theory, and theoretical computer science, to represent systems, services, and information flows in order to assess the value of network and security operations deployed in response to environmental threats and the requirements of business alignment. We use Monte Carlo experimentation to explore the levels of investment in, and trade-offs between, operations staff and security control devices necessary to maintain network availability of value determined by a given Service Level Agreement. We conclude that our methods deliver useful analyses and identify necessary future work required properly to integrate models of spatially distributed networks, stochastic environmental behaviour, and system value.
| Translated title of the contribution | Assessing the Value of Investments in Network Security Operations: A Systems Analytics Approach |
| Title of host publication | The 6th Workshop on the Economics of Information Security (WEIS 2007), CMU, Pittsburgh PA, USA |
| Publication status | Published - 8 Jun 2007 |