An Approach to Select Cost-Effective Risk Countermeasures

Abstract

Security risk analysis should be conducted regularly to maintain an acceptable level of security. In principle, all risks that are unacceptable according to the predefined criteria should be mitigated. However, risk mitigation comes at a cost, and only the countermeasures that cost-efficiently mitigate risks should be implemented. This paper presents an approach to integrate the countermeasure cost-benefit assessment into the risk analysis and to provide decision makers with the necessary decision support. The approach comes with the necessary modeling support, a calculus for reasoning about the countermeasure cost and effect, as well as means for visualization of the results to aid decision makers.

Language

English

Author(s)

Le Minh Sang Tran
Bjørnar Solhaug
Ketil Stølen

Affiliation

SINTEF Digital / Sustainable Communication Technologies
University of Trento
University of Oslo

Year

2013

Publisher

Springer

Book

Data and Applications Security and Privacy XXVII. 27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17, 2013. Proceedings

ISBN

9783642392559

Page(s)

266 - 273

External resources

https://link.springer.com/chapter/10.1007/978-3-642-39256-6_18

DOI

https://doi.org/10.1007/978-3-642-39256-6_18

View this publication at Norwegian Research Information Repository

Contact us

Our services

Career

Sustainability

Management and board

Institutes

Other units

About us

Follow us