Assessing & Quantifying the Loss of Network Intrusion

Despite the increasing frequency and cost of network security breaches, many organizations still question the need to invest in security technology. This paper utilizes a Bayesian influence diagram in conjunction with a decision tree to quantify the cost of network intrusion. Quantifying this cost permits managers to compare the loss associated with network security breaches with the cost of utilizing appropriate IS security technology. The model developed within is applied to a simple example of a firewall implementation.
