Combining Technical and Financial Impacts for Countermeasure Selection
This addresses the need for systematic reaction methodologies in information security, offering a practical tool for organizations to prioritize responses, though it appears incremental by building on existing threat evaluation approaches.
The paper tackles the problem of selecting security countermeasures by proposing a method that ranks candidates based on technical and financial impacts, including industrial evaluation and simulations to compute return on response investment, with a case study demonstrating applicability.
Research in information security has generally focused on providing a comprehensive interpretation of threats, vulnerabilities, and attacks, in particular to evaluate their danger and prioritize responses accordingly. Most of the current approaches propose advanced techniques to detect intrusions and complex attacks but few of these approaches propose well defined methodologies to react against a given attack. In this paper, we propose a novel and systematic method to select security countermeasures from a pool of candidates, by ranking them based on the technical and financial impact associated to each alternative. The method includes industrial evaluation and simulations of the impact associated to a given security measure which allows to compute the return on response investment for different candidates. A simple case study is proposed at the end of the paper to show the applicability of the model.