Assessing the Value of Investments in Network Security Operations: A Systems Analytics Approach

J Griffin, B Monahan, D Pym, M Wonham, M Yearworth

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

Abstract

Assessing the value of investments in network security operations remains a challenging problem. We suggest that an essential component of an analysis of this problem must be an account of the structure of the system/network and the services it is intended to deliver. We apply the methods of classical applied mathematics- using tools drawn from algebra, logic, probability theory, and theoretical computer science- to represent systems, services, and information flows in order to assess the value of network and security operations deployed in response to environmental threats and the requirements of business alignment. We use Monte Carlo experimentation to explore the levels of investment in, and trade-offs between, operations staff and security control devices necessary to maintain network availability of value determined by a given Service Level Agreement. We conclude that our methods deliver useful analyses and identify necessary future work required properly to integrate models of spatially distributed networks, stochastic environmental behaviour, and system value.
Translated title of the contributionAssessing the Value of Investments in Network Security Operations: A Systems Analytics Approach
Original languageEnglish
Title of host publicationThe 6th Workshop on the Economics of Information Security (WEIS 2007), CMU, Pittsburgh PA, USA
Publication statusPublished - 8 Jun 2007

Bibliographical note

Conference Organiser: Workshop on the Economics of Information Security

Fingerprint Dive into the research topics of 'Assessing the Value of Investments in Network Security Operations: A Systems Analytics Approach'. Together they form a unique fingerprint.

  • Cite this

    Griffin, J., Monahan, B., Pym, D., Wonham, M., & Yearworth, M. (2007). Assessing the Value of Investments in Network Security Operations: A Systems Analytics Approach. In The 6th Workshop on the Economics of Information Security (WEIS 2007), CMU, Pittsburgh PA, USA http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.94.9373