Risk-neutral evaluation of information security investment on data centers |
| |
Authors: | Shyue-Liang Wang Jyun-Da Chen Paul A Stirpe Tzung-Pei Hong |
| |
Affiliation: | (1) Department of Information Management, National University of Kaohsiung, Kaohsiung, Taiwan, 81148;(2) Letse, LLC, 45 Oser Avenue, Hauppauge, NY 11788, USA;(3) Department of Computer Science and Information Engineering, National University of Kaohsiung, Kaohsiung, Taiwan, 81148 |
| |
Abstract: | Based on given data center network topology and risk-neutral management, this work proposes a simple but efficient probability-based
model to calculate the probability of insecurity of each protected resource and the optimal investment on each security protection
device when a data center is under security breach. We present two algorithms that calculate the probability of threat and
the optimal investment for data center security respectively. Based on the insecurity flow model (Moskowitz and Kang 1997) of analyzing security violations, we first model data center topology using two basic components, namely resources and filters,
where resources represent the protected resources and filters represent the security protection devices. Four basic patterns are then identified as the building blocks for the first algorithm,
called Accumulative Probability of Insecurity, to calculate the accumulative probability of realized threat (insecurity) on each resource. To calculate the optimal security
investment, a risk-neutral based algorithm, called Optimal Security Investment, which maximizes the total expected net benefit is then proposed. Numerical simulations show that the proposed approach coincides
with Gordon’s (Gordon and Loeb, ACM Transactions on Information and Systems Security 5(4):438–457, 2002) single-system analytical model. In addition, numerical results on two common data center topologies are analyzed and compared
to demonstrate the effectiveness of the proposed approach. The technique proposed here can be used to facilitate the analysis
and design of more secured data centers. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|