Cyber insurance and time-to-compromise: An integrated approach / Uuganbayar, Ganbayar; Massacci, F.; Yautsiukhin, A.; Martinelli, F. - PRINT. - (2019), pp. 1-8. (Paper presented at the 2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Cyber SA 2019, held at the Department of Computer Science, University of Oxford, Wolfson Building, Parks Road, GBR, on 03-04 June 2019) [10.1109/CyberSA.2019.8899442].

Cyber insurance and time-to-compromise: An integrated approach

Uuganbayar, Ganbayar; Massacci F.;
2019-01-01

Abstract

Fast-growing numbers of technologies and devices make the cyber security landscape more complicated and require more accurate models. This complexity challenges cyber security experts to devise better solutions to manage cyber risks. One of the promising methods is to find the best distribution of security expenditure for risk mitigation and transfer (i.e. cyber insurance) options. In this work, we propose a solution to find the optimal security investments when there is a cyber insurance option by applying a time-to-compromise metric to the probability of attack computation. In particular, we find the best set of countermeasures which decreases the maximum number of vulnerabilities to increase the required time to compromise a system. Our approach is based on a multiple-objective knapsack problem for the selection of countermeasures, and we find the best distribution of security expenditure by computing the time-to-compromise metric, which eventually defines the probability of attack.
2019
2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Cyber SA 2019
USA
Institute of Electrical and Electronics Engineers Inc.
978-1-7281-0232-0
Uuganbayar, Ganbayar; Massacci, F.; Yautsiukhin, A.; Martinelli, F.
Files in this item:
File: Cyber_Insurance_and_Time-to-Compromise_An_Integrated_Approach.pdf
Access: Archive managers only
Type: Publisher's version (Publisher's layout)
License: All rights reserved
Size: 248.57 kB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/251144