Combining Technical and Financial Impacts for Countermeasure Selection

TL;DR

This paper introduces a systematic method for selecting security countermeasures by evaluating their technical and financial impacts, including simulations to estimate return on investment, demonstrated through a case study.

Contribution

It presents a novel approach combining technical and financial impact assessments for countermeasure selection, with industrial evaluation and simulation components.

Findings

Method effectively ranks countermeasures based on impact analysis.

Simulation results demonstrate practical applicability.

Case study validates the approach's usefulness.

Abstract

Research in information security has generally focused on providing a comprehensive interpretation of threats, vulnerabilities, and attacks, in particular to evaluate their danger and prioritize responses accordingly. Most of the current approaches propose advanced techniques to detect intrusions and complex attacks but few of these approaches propose well defined methodologies to react against a given attack. In this paper, we propose a novel and systematic method to select security countermeasures from a pool of candidates, by ranking them based on the technical and financial impact associated to each alternative. The method includes industrial evaluation and simulations of the impact associated to a given security measure which allows to compute the return on response investment for different candidates. A simple case study is proposed at the end of the paper to show the applicability of the model.