Understanding and influencing attackers’ decisions: implications for security investment strategies
Altro
Data di Pubblicazione:
2006
Citazione:
Understanding and influencing attackers’ decisions: implications for security investment strategies / M. Cremonini, D. Nizovtsev. - [s.l] : Washburn University, 2006 Jun. (School of Bussiness : working paper)
Abstract:
We model economic behavior of attackers when they are able to obtain complete information about the security characteristics of targets and when such information is unavailable. We find that when attackers are able to distinguish targets by their security characteristics and switch between multiple alternative targets, the effect of a given security measure is stronger. That is due to the fact that attackers rationally put more effort into attacking systems with low security levels. Ignoring that effect would result in underinvestment in security or misallocation of security resources. We also find that systems with better levels of protection have stronger incentives to reveal their security characteristics to attackers than poorly protected systems. Those results have important implications for security practices and policy issues.
Tipologia IRIS:
08 - Relazione interna o rapporto di ricerca
Keywords:
Economics of information systems; Information system security; Perceived security; Investment evaluation; Attacker behavior
Elenco autori:
M. Cremonini, D. Nizovtsev
Link alla scheda completa: