Information assurance techniques: Perceived cost effectiveness

Jose M. Such; Antonios Gouglidis; William Knowles; Gaurav Misra; Awais Rashid

doi:10.1016/j.cose.2016.03.009

Information assurance techniques: Perceived cost effectiveness

Jose M. Such, Antonios Gouglidis, William Knowles, Gaurav Misra, Awais Rashid

Department of Computer Science

Research output: Contribution to journal › Article (Academic Journal) › peer-review

Abstract

The assurance technique is a fundamental component of the assurance ecosystem; it is the mechanism by which we assess security to derive a measure of assurance. Despite this importance, the characteristics of these assurance techniques have not been comprehensively explored within academic research from the perspective of industry stakeholders. Here, a framework of 20 “assurance techniques” is defined along with their interdependencies. A survey was conducted which received 153 responses from industry stakeholders, in order to determine perceptions of the characteristics of these assurance techniques. These characteristics include the expertise required, number of people required, time required for completion, effectiveness and cost. The extent to which perceptions differ between those in practitioner and management roles is considered. The findings were then used to compute a measure of cost-effectiveness for each assurance technique. Survey respondents were also asked about their perceptions of complementary assurance techniques. These findings were used to establish 15 combinations, of which the combined effectiveness and cost-effectiveness was assessed.

Original language	English
Pages (from-to)	117-133
Number of pages	17
Journal	Computers and Security
Volume	60
Early online date	14 Apr 2016
DOIs	https://doi.org/10.1016/j.cose.2016.03.009
Publication status	Published - Jul 2016

Structured keywords

Cyber Security

Access to Document

10.1016/j.cose.2016.03.009

http://eprints.lancs.ac.uk/78969/Licence: CC BY-NC-ND

Fingerprint Dive into the research topics of 'Information assurance techniques: Perceived cost effectiveness'. Together they form a unique fingerprint.

1 Finished

MUMBA: Multi-faceted Metrics for ICS Business Risk Analysis
Rashid, A.
1/10/14 → 31/12/17
Project: Research

Cite this

@article{ea70f14c3369409cbcf5a4c92a4511f8,

title = "Information assurance techniques: Perceived cost effectiveness",

abstract = "The assurance technique is a fundamental component of the assurance ecosystem; it is the mechanism by which we assess security to derive a measure of assurance. Despite this importance, the characteristics of these assurance techniques have not been comprehensively explored within academic research from the perspective of industry stakeholders. Here, a framework of 20 “assurance techniques” is defined along with their interdependencies. A survey was conducted which received 153 responses from industry stakeholders, in order to determine perceptions of the characteristics of these assurance techniques. These characteristics include the expertise required, number of people required, time required for completion, effectiveness and cost. The extent to which perceptions differ between those in practitioner and management roles is considered. The findings were then used to compute a measure of cost-effectiveness for each assurance technique. Survey respondents were also asked about their perceptions of complementary assurance techniques. These findings were used to establish 15 combinations, of which the combined effectiveness and cost-effectiveness was assessed.",

author = "Such, {Jose M.} and Antonios Gouglidis and William Knowles and Gaurav Misra and Awais Rashid",

year = "2016",

month = jul,

doi = "10.1016/j.cose.2016.03.009",

language = "English",

volume = "60",

pages = "117--133",

journal = "Computers and Security",

issn = "0167-4048",

publisher = "North-Holland Publishing Company",

}

TY - JOUR

T1 - Information assurance techniques

T2 - Perceived cost effectiveness

AU - Such, Jose M.

AU - Gouglidis, Antonios

AU - Knowles, William

AU - Misra, Gaurav

AU - Rashid, Awais

PY - 2016/7

Y1 - 2016/7

N2 - The assurance technique is a fundamental component of the assurance ecosystem; it is the mechanism by which we assess security to derive a measure of assurance. Despite this importance, the characteristics of these assurance techniques have not been comprehensively explored within academic research from the perspective of industry stakeholders. Here, a framework of 20 “assurance techniques” is defined along with their interdependencies. A survey was conducted which received 153 responses from industry stakeholders, in order to determine perceptions of the characteristics of these assurance techniques. These characteristics include the expertise required, number of people required, time required for completion, effectiveness and cost. The extent to which perceptions differ between those in practitioner and management roles is considered. The findings were then used to compute a measure of cost-effectiveness for each assurance technique. Survey respondents were also asked about their perceptions of complementary assurance techniques. These findings were used to establish 15 combinations, of which the combined effectiveness and cost-effectiveness was assessed.

AB - The assurance technique is a fundamental component of the assurance ecosystem; it is the mechanism by which we assess security to derive a measure of assurance. Despite this importance, the characteristics of these assurance techniques have not been comprehensively explored within academic research from the perspective of industry stakeholders. Here, a framework of 20 “assurance techniques” is defined along with their interdependencies. A survey was conducted which received 153 responses from industry stakeholders, in order to determine perceptions of the characteristics of these assurance techniques. These characteristics include the expertise required, number of people required, time required for completion, effectiveness and cost. The extent to which perceptions differ between those in practitioner and management roles is considered. The findings were then used to compute a measure of cost-effectiveness for each assurance technique. Survey respondents were also asked about their perceptions of complementary assurance techniques. These findings were used to establish 15 combinations, of which the combined effectiveness and cost-effectiveness was assessed.

U2 - 10.1016/j.cose.2016.03.009

DO - 10.1016/j.cose.2016.03.009

M3 - Article (Academic Journal)

VL - 60

SP - 117

EP - 133

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

ER -

Information assurance techniques: Perceived cost effectiveness

Abstract

Structured keywords

Access to Document

MUMBA: Multi-faceted Metrics for ICS Business Risk Analysis

Cite this