From Lemons to Peaches: Improving Security ROI through Security Chaos Engineering
Kelly Shortridge

TL;DR
Security Chaos Engineering enhances security ROI by reducing attack impacts and providing evidence for system improvements, addressing the limitations of traditional security approaches.
Contribution
This paper introduces Security Chaos Engineering as a novel paradigm that improves security ROI through proactive chaos experiments and continuous system resilience enhancement.
Findings
Security Chaos Engineering reduces attack impacts effectively.
It provides valuable evidence for system design improvements.
It enhances ROI compared to traditional security methods.
Abstract
Traditional information security presents a poor ROI: payoffs only manifest when attacks are successfully prevented. In a reality where attacks are inevitable, subpar returns are therefore inevitable. The emerging paradigm of Security Chaos Engineering offers a more remunerative and reliable ROI by minimizing attack impacts and generating valuable evidence to inform continuous improvement of system design and operation.
