Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Pricing and Economics David Naccache

Published byEthel Jacobs Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Security Pricing and Economics David Naccache"— Presentation transcript:

1 Network Security Pricing and Economics David Naccache david.naccache@ens.fr

2 Security seen economically… Probability of threat materialization. Loss when threat materializes. Cost of countermeasures. Probability that countermeasures work.

3 Security seen economically… Probability of threat materialization. p[i] Loss when threat materializes. L[i] Cost of countermeasures. C[j, parameters] Probability that countermeasures work. q[j,i, parameters]

4 Example Probability of threat materialization. p[i] –p[“virus attack/day”]=1/1000 –p[“DoS attack/day”]=1/300 –p[“SQL injection/day”]=1/1000 etc. Hard to estimate precisely Threats are not independent events

5 Example Loss when threat materializes. L[i] –L[“virus attack/day”]=€2000 –L[“DoS attack/day”]=€1300 –L[“SQL injection/day”]=€10000 etc. Fairly easy to estimate

6 Cost of countermeasures. C[j, parameters] –C[“Norton”,weekly update]=€200 –C[“Norton”, monthly update]=€100 –C[“Norton”, no firewall option]=€50 –C[“Checkpoint”, standard ver.]=€500 –C[“Spam Assassin”, (no options)]=€0 etc. Some choices are incompatible. Parameters can be discrete or continuous Easy to estimate precisely Example

7 Probability that countermeasures work. q[j,i, parameters] Countermeasure j bought with “parameters” will reduce risk p[i] to q[j,i, parameters] Hard to estimate precisely Example

8 A complex bayesian optimisation problem. –Continuous and non continuous variables. –Find algorithmic approaches to tackle it. –Propose a “clean” (simplified) model. Assuming that probabilities are correctly assessed. –Benchmark model against reality. Current enterprise approaches are empiric –Based on individual experience –Based on standards (de facto) –Based on legacy systems… The Challenges

9 The Opportunity Bring together: –Security specialists –Mathematicians –Economists Target-rich academic / industrial area.

Download ppt "Network Security Pricing and Economics David Naccache"

Similar presentations

ABSTRACT Due to the Internets sheer size, complexity, and various routing policies, it is difficult if not impossible to locate the causes of large volumes.

ABSTRACT Due to the Internets sheer size, complexity, and various routing policies, it is difficult if not impossible to locate the causes of large volumes.
Brief-out: Isolation Working Group Topic discussion leader: Ken Birman.

Brief-out: Isolation Working Group Topic discussion leader: Ken Birman.
University of the Aegean, Greece Modelling and Economics of IT Risk Management and Insurance Stefanos Gritzalis Costas Lambrinoudakis Dept. of Information.

University of the Aegean, Greece Modelling and Economics of IT Risk Management and Insurance Stefanos Gritzalis Costas Lambrinoudakis Dept. of Information.
© 2012 Jones et al: Strategic Managerial Accounting: Hospitality, Tourism & Events Applications 6thedition, Goodfellow Publishers Chapter 6 Pricing Decisions.

© 2012 Jones et al: Strategic Managerial Accounting: Hospitality, Tourism & Events Applications 6thedition, Goodfellow Publishers Chapter 6 Pricing Decisions.
Chapter 25 Risk Assessment. Introduction Risk assessment is the evaluation of distributions of outcomes, with a focus on the worse that might happen.

Chapter 25 Risk Assessment. Introduction Risk assessment is the evaluation of distributions of outcomes, with a focus on the worse that might happen.
Let X 1, X 2,..., X n be a set of independent random variables having a common distribution, and let E[ X i ] = . then, with probability 1 Strong law.

Let X 1, X 2,..., X n be a set of independent random variables having a common distribution, and let E[ X i ] = . then, with probability 1 Strong law.
Quantitative Research and Analytics, Proprietary and Confidential1 Ryan Michaluk

Quantitative Research and Analytics, Proprietary and Confidential1 Ryan Michaluk
MIS 524, Assignment 41 Is Outsourcing IT Like Giving the Store Away?

MIS 524, Assignment 41 Is Outsourcing IT Like Giving the Store Away?
CS 589 Information Risk Management 6 February 2007.

CS 589 Information Risk Management 6 February 2007.
Machine Learning CUNY Graduate Center Lecture 3: Linear Regression.

Machine Learning CUNY Graduate Center Lecture 3: Linear Regression.
Comparative survey on non linear filtering methods : the quantization and the particle filtering approaches Afef SELLAMI Chang Young Kim.

Comparative survey on non linear filtering methods : the quantization and the particle filtering approaches Afef SELLAMI Chang Young Kim.
Grant CMMI-0757983 Service Enterprise Systems Robust Portfolio Management with Uncertain Rates of Return PI: Aurélie Thiele – Lehigh University PhD student:

Grant CMMI Service Enterprise Systems Robust Portfolio Management with Uncertain Rates of Return PI: Aurélie Thiele – Lehigh University PhD student:
Opportunity Engineering Harry Larsen The Boeing Company SCEA 2000 Conference.

Opportunity Engineering Harry Larsen The Boeing Company SCEA 2000 Conference.
BACHELOR OF ARTS IN ECONOMICS Econ 114 – MATHEMATICAL ECONOMICS Pangasinan State University Social Science Department CHAPTER 1 INTRODUCTION TO MATHEMATICAL.

BACHELOR OF ARTS IN ECONOMICS Econ 114 – MATHEMATICAL ECONOMICS Pangasinan State University Social Science Department CHAPTER 1 INTRODUCTION TO MATHEMATICAL.
S Neuendorf 2004 Prediction of Software Defects SASQAG March 2004 by Steve Neuendorf.

S Neuendorf 2004 Prediction of Software Defects SASQAG March 2004 by Steve Neuendorf.
Testing and Cost / Benefit Tor Stålhane. Why cost / benefit – 1 For most “real” software systems, the number of possible inputs is large. Thus, we can.

Testing and Cost / Benefit Tor Stålhane. Why cost / benefit – 1 For most “real” software systems, the number of possible inputs is large. Thus, we can.
1 Oppliger: Ch. 15 Risk Management. 2 Outline Introduction Formal risk analysis Alternative risk analysis approaches/technologies –Security scanning –Intrusion.

1 Oppliger: Ch. 15 Risk Management. 2 Outline Introduction Formal risk analysis Alternative risk analysis approaches/technologies –Security scanning –Intrusion.
Risk Management - ACostE Kate Boothroyd FIRM Director, KB Risk Consulting Limited.

Risk Management - ACostE Kate Boothroyd FIRM Director, KB Risk Consulting Limited.
Statistical Decision Theory

Statistical Decision Theory
Revision. Mintzberg’s 10 Management Roles Interpersonal – Figurehead : symbolic head – Leader : Responsible for the motivation and activation of subordinates;

Revision. Mintzberg’s 10 Management Roles Interpersonal – Figurehead : symbolic head – Leader : Responsible for the motivation and activation of subordinates;

Similar presentations

Ads by Google