Download presentation

Presentation is loading. Please wait.

Published byEthel Jacobs Modified over 2 years ago

1
Network Security Pricing and Economics David Naccache david.naccache@ens.fr

2
Security seen economically… Probability of threat materialization. Loss when threat materializes. Cost of countermeasures. Probability that countermeasures work.

3
Security seen economically… Probability of threat materialization. p[i] Loss when threat materializes. L[i] Cost of countermeasures. C[j, parameters] Probability that countermeasures work. q[j,i, parameters]

4
Example Probability of threat materialization. p[i] –p[“virus attack/day”]=1/1000 –p[“DoS attack/day”]=1/300 –p[“SQL injection/day”]=1/1000 etc. Hard to estimate precisely Threats are not independent events

5
Example Loss when threat materializes. L[i] –L[“virus attack/day”]=€2000 –L[“DoS attack/day”]=€1300 –L[“SQL injection/day”]=€10000 etc. Fairly easy to estimate

6
Cost of countermeasures. C[j, parameters] –C[“Norton”,weekly update]=€200 –C[“Norton”, monthly update]=€100 –C[“Norton”, no firewall option]=€50 –C[“Checkpoint”, standard ver.]=€500 –C[“Spam Assassin”, (no options)]=€0 etc. Some choices are incompatible. Parameters can be discrete or continuous Easy to estimate precisely Example

7
Probability that countermeasures work. q[j,i, parameters] Countermeasure j bought with “parameters” will reduce risk p[i] to q[j,i, parameters] Hard to estimate precisely Example

8
A complex bayesian optimisation problem. –Continuous and non continuous variables. –Find algorithmic approaches to tackle it. –Propose a “clean” (simplified) model. Assuming that probabilities are correctly assessed. –Benchmark model against reality. Current enterprise approaches are empiric –Based on individual experience –Based on standards (de facto) –Based on legacy systems… The Challenges

9
The Opportunity Bring together: –Security specialists –Mathematicians –Economists Target-rich academic / industrial area.

Similar presentations

OK

CJS 250 Week 9 Final Project The Security Plan Check this A+ tutorial guideline at 250-Week-9-Final-Project-The-Security-Plan.

CJS 250 Week 9 Final Project The Security Plan Check this A+ tutorial guideline at 250-Week-9-Final-Project-The-Security-Plan.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google