IRIS Institutional Research Information System - AIR Archivio Istituzionale della Ricerca

We model economic behavior of attackers when they are able to obtain complete information about the security characteristics of targets and when such information is unavailable. We find that when attackers are able to distinguish targets by their security characteristics and switch between multiple alternative targets, the effect of a given security measure is stronger. That is due to the fact that attackers rationally put more effort into attacking systems with low security levels. Ignoring that effect would result in underinvestment in security or misallocation of security resources. We also find that systems with better levels of protection have stronger incentives to reveal their security characteristics to attackers than poorly protected systems. Those results have important implications for security practices and policy issues.

Understanding and influencing attackers’ decisions: implications for security investment strategies / M. Cremonini, D. Nizovtsev. - [s.l] : Washburn University, 2006 Jun. (School of Bussiness : working paper)

Understanding and influencing attackers’ decisions: implications for security investment strategies

M. Cremonini
Primo
;
2006

Abstract

We model economic behavior of attackers when they are able to obtain complete information about the security characteristics of targets and when such information is unavailable. We find that when attackers are able to distinguish targets by their security characteristics and switch between multiple alternative targets, the effect of a given security measure is stronger. That is due to the fact that attackers rationally put more effort into attacking systems with low security levels. Ignoring that effect would result in underinvestment in security or misallocation of security resources. We also find that systems with better levels of protection have stronger incentives to reveal their security characteristics to attackers than poorly protected systems. Those results have important implications for security practices and policy issues.
giu-2006
Economics of information systems; Information system security; Perceived security; Investment evaluation; Attacker behavior
Settore INF/01 - Informatica
Settore SECS-P/06 - Economia Applicata
Settore ING-INF/05 - Sistemi di Elaborazione delle Informazioni
http://www.econinfosec.org/archive/weis2006/docs/3.pdf
Working Paper
Understanding and influencing attackers’ decisions: implications for security investment strategies / M. Cremonini, D. Nizovtsev. - [s.l] : Washburn University, 2006 Jun. (School of Bussiness : working paper)
File in questo prodotto:
File Dimensione Formato  
Understanding And Influencing Attackers Decisions Implications For Security Investment Strategies.pdf

accesso aperto

Tipologia: Altro
Dimensione 1.56 MB
Formato Adobe PDF
Visualizza/Apri
1.56 MB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/161421
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact