Modeling of Risk Factors in Determining Network Security Level

This paper presents a series of work on risk management models for identifying assets and risks. The goal of modeling them is to analyze and calculate the meaning of the level of security in the cyber world. The analysis and calculation were done with a quantitative method, so that investment decisions in security tools could be expected to be objective, based on an organization's performance and situational experience. Risk management was then associated with the calculation of costs that may occur, viewed from the financial perspective of ROI/CBA using measures such as NPV, IRR, and ROI, so that the organization's level of security can be measured and maintained over a certain period. Our model consists of sixteen formulas that can show the increasing level of security based on the cost.
