1
Network Security Pricing and Economics
David Naccache
david.naccache@ens.fr

2
Security seen economically…
Probability of threat materialization.
Loss when threat materializes.
Cost of countermeasures.
Probability that countermeasures work.

3
Security seen economically…
Probability of threat materialization. p[i]
Loss when threat materializes. L[i]
Cost of countermeasures. C[j, parameters]
Probability that countermeasures work. q[j,i, parameters]

4
Example
Probability of threat materialization. p[i]
–p[“virus attack/day”]=1/1000
–p[“DoS attack/day”]=1/300
–p[“SQL injection/day”]=1/1000
etc.
Hard to estimate precisely
Threats are not independent events

5
Example
Loss when threat materializes. L[i]
–L[“virus attack/day”]=€2000
–L[“DoS attack/day”]=€1300
–L[“SQL injection/day”]=€10000
etc.
Fairly easy to estimate

6
Example
Cost of countermeasures. C[j, parameters]
–C[“Norton”, weekly update]=€200
–C[“Norton”, monthly update]=€100
–C[“Norton”, no firewall option]=€50
–C[“Checkpoint”, standard ver.]=€500
–C[“Spam Assassin”, (no options)]=€0
etc.
Some choices are incompatible.
Parameters can be discrete or continuous
Easy to estimate precisely

7
Example
Probability that countermeasures work. q[j,i, parameters]
Countermeasure j bought with “parameters” will reduce risk p[i] to q[j,i, parameters]
Hard to estimate precisely
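
The four quantities above combined into one decision, as an added example that is not from the original slides: a brute-force search over the discrete countermeasure choices that minimizes purchase cost plus expected loss. The p, L and C values are the slides'; the q values, the 365-day horizon, and the rule that the lowest q wins when several purchases cover one threat are assumptions.

```python
from itertools import product

# From the slides: daily probabilities p[i] and losses L[i] in EUR.
p = {"virus attack/day": 1/1000, "DoS attack/day": 1/300, "SQL injection/day": 1/1000}
L = {"virus attack/day": 2000, "DoS attack/day": 1300, "SQL injection/day": 10000}

# From the slides: costs C[j, parameters] in EUR. Options of one product are
# mutually exclusive ("some choices are incompatible"); None means not bought.
C = {
    "Norton": {None: 0, "weekly update": 200, "monthly update": 100,
               "no firewall option": 50},
    "Checkpoint": {None: 0, "standard ver.": 500},
    "Spam Assassin": {None: 0, "(no options)": 0},
}

# CONSTRUCTED residual probabilities q[j, i, parameters]; the slides give none.
# A threat missing from an entry is assumed unaffected by that countermeasure.
q = {
    ("Norton", "weekly update"): {"virus attack/day": 1/20000},
    ("Norton", "monthly update"): {"virus attack/day": 1/5000},
    ("Norton", "no firewall option"): {"virus attack/day": 1/2000},
    ("Checkpoint", "standard ver."): {"DoS attack/day": 1/3000,
                                      "SQL injection/day": 1/4000},
    ("Spam Assassin", "(no options)"): {},
}

HORIZON_DAYS = 365  # assumption: costs above are taken to cover one year


def residual(threat, choice):
    """Assumption: when several purchases cover a threat, the lowest q applies."""
    qs = [q[j, o][threat] for j, o in choice.items()
          if o is not None and threat in q[j, o]]
    return min(qs, default=p[threat])


def total_cost(choice):
    """Purchase cost plus expected loss over the horizon, summed per threat."""
    spend = sum(C[j][o] for j, o in choice.items())
    return spend + HORIZON_DAYS * sum(residual(i, choice) * L[i] for i in p)


def best_portfolio():
    """Enumerate one option per product and keep the cheapest overall."""
    names = list(C)
    options = product(*(C[n] for n in names))
    return min((dict(zip(names, o)) for o in options), key=total_cost)
```

Exhaustive enumeration only works while every parameter is discrete and the catalogue is small; continuous parameters, which the slides also allow, need a different search.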

8
The Challenges
A complex Bayesian optimisation problem.
–Continuous and non-continuous variables.
–Find algorithmic approaches to tackle it.
–Propose a “clean” (simplified) model.
  Assuming that probabilities are correctly assessed.
–Benchmark model against reality.
Current enterprise approaches are empirical
–Based on individual experience
–Based on standards (de facto)
–Based on legacy systems…

9
The Opportunity
Bring together:
–Security specialists
–Mathematicians
–Economists
Target-rich academic / industrial area.

