A Quantitative Model for Evaluating the Efficiency of Proactive and Reactive Security Countermeasures
Summary :
During the investment process for enhancing the level of IT security, organizations typically rely on two kinds of security countermeasures, i.e., proactive security countermeasures (PSCs) and reactive security countermeasures (RSCs). The PSCs are known to prevent security incidents before their occurrence, while the RSCs identify security incidents and recover the damaged hardware and software during or after their occurrence. Some researchers studied the effect of the integration of PSCs and RSCs, and showed that the integration can control unwanted incidents better than a single type of security countermeasure. However, the studies were made mostly in a qualitative manner, not in a quantitative manner. In this paper, we focus on deriving a quantitative model that analyzes the influence of different conditions on the efficiency of the integrated security countermeasures. Using the proposed model, we analyze for the first time how vulnerability and the potential exploits resulting from such vulnerability can affect the efficiency of the integrated security countermeasures; furthermore, we analytically verify that as the efficiency of PSCs increases, the burden of RSCs decreases, and vice versa. Also, we describe how to select possibly optimal configurations of the integrated security countermeasures.
- Publication
- IEICE TRANSACTIONS on Information Vol.E98-D No.3 pp.637-648
- Publication Date
- 2015/03/01
- Publicized
- Online ISSN
- 1745-1361
- DOI
- 10.1587/transinf.2014EDP7042
- Type of Manuscript
- PAPER
- Category
- Information Network
Authors
Yoon-Ho CHOI
Pusan National University
Han-You JEONG
Pusan National University
Seung-Woo SEO
Seoul National University
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Yoon-Ho CHOI, Han-You JEONG, Seung-Woo SEO, "A Quantitative Model for Evaluating the Efficiency of Proactive and Reactive Security Countermeasures" in IEICE TRANSACTIONS on Information,
vol. E98-D, no. 3, pp. 637-648, March 2015, doi: 10.1587/transinf.2014EDP7042.
Abstract: During the investment process for enhancing the level of IT security, organizations typically rely on two kinds of security countermeasures, i.e., proactive security countermeasures (PSCs) and reactive security countermeasures (RSCs). The PSCs are known to prevent security incidents before their occurrence, while the RSCs identify security incidents and recover the damaged hardware and software during or after their occurrence. Some researchers studied the effect of the integration of PSCs and RSCs, and showed that the integration can control unwanted incidents better than a single type of security countermeasure. However, the studies were made mostly in a qualitative manner, not in a quantitative manner. In this paper, we focus on deriving a quantitative model that analyzes the influence of different conditions on the efficiency of the integrated security countermeasures. Using the proposed model, we analyze for the first time how vulnerability and the potential exploits resulting from such vulnerability can affect the efficiency of the integrated security countermeasures; furthermore, we analytically verify that as the efficiency of PSCs increases, the burden of RSCs decreases, and vice versa. Also, we describe how to select possibly optimal configurations of the integrated security countermeasures.
URL: https://globals.ieice.org/en_transactions/information/10.1587/transinf.2014EDP7042/_p
Copy
@ARTICLE{e98-d_3_637,
author={Yoon-Ho CHOI, Han-You JEONG, Seung-Woo SEO, },
journal={IEICE TRANSACTIONS on Information},
title={A Quantitative Model for Evaluating the Efficiency of Proactive and Reactive Security Countermeasures},
year={2015},
volume={E98-D},
number={3},
pages={637-648},
abstract={During the investment process for enhancing the level of IT security, organizations typically rely on two kinds of security countermeasures, i.e., proactive security countermeasures (PSCs) and reactive security countermeasures (RSCs). The PSCs are known to prevent security incidents before their occurrence, while the RSCs identify security incidents and recover the damaged hardware and software during or after their occurrence. Some researchers studied the effect of the integration of PSCs and RSCs, and showed that the integration can control unwanted incidents better than a single type of security countermeasure. However, the studies were made mostly in a qualitative manner, not in a quantitative manner. In this paper, we focus on deriving a quantitative model that analyzes the influence of different conditions on the efficiency of the integrated security countermeasures. Using the proposed model, we analyze for the first time how vulnerability and the potential exploits resulting from such vulnerability can affect the efficiency of the integrated security countermeasures; furthermore, we analytically verify that as the efficiency of PSCs increases, the burden of RSCs decreases, and vice versa. Also, we describe how to select possibly optimal configurations of the integrated security countermeasures.},
keywords={},
doi={10.1587/transinf.2014EDP7042},
ISSN={1745-1361},
month={March},}
Copy
TY - JOUR
TI - A Quantitative Model for Evaluating the Efficiency of Proactive and Reactive Security Countermeasures
T2 - IEICE TRANSACTIONS on Information
SP - 637
EP - 648
AU - Yoon-Ho CHOI
AU - Han-You JEONG
AU - Seung-Woo SEO
PY - 2015
DO - 10.1587/transinf.2014EDP7042
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E98-D
IS - 3
JA - IEICE TRANSACTIONS on Information
Y1 - March 2015
AB - During the investment process for enhancing the level of IT security, organizations typically rely on two kinds of security countermeasures, i.e., proactive security countermeasures (PSCs) and reactive security countermeasures (RSCs). The PSCs are known to prevent security incidents before their occurrence, while the RSCs identify security incidents and recover the damaged hardware and software during or after their occurrence. Some researchers studied the effect of the integration of PSCs and RSCs, and showed that the integration can control unwanted incidents better than a single type of security countermeasure. However, the studies were made mostly in a qualitative manner, not in a quantitative manner. In this paper, we focus on deriving a quantitative model that analyzes the influence of different conditions on the efficiency of the integrated security countermeasures. Using the proposed model, we analyze for the first time how vulnerability and the potential exploits resulting from such vulnerability can affect the efficiency of the integrated security countermeasures; furthermore, we analytically verify that as the efficiency of PSCs increases, the burden of RSCs decreases, and vice versa. Also, we describe how to select possibly optimal configurations of the integrated security countermeasures.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
