Risk-neutral evaluation of information security investment on data centers

Based on given data center network topology and risk-neutral management, this work proposes a simple but efficient probability-based model to calculate the probability of insecurity of each protected resource and the optimal investment on each security protection device when a data center is under s...

Full description

Saved in:
Bibliographic Details
Published in:Journal of intelligent information systems 2011-06, Vol.36 (3), p.329-345
Main Authors: Wang, Shyue-Liang, Chen, Jyun-Da, Stirpe, Paul A., Hong, Tzung-Pei
Format: Article
Language:English
Subjects:
Access control
Algorithms
Artificial Intelligence
Computer centers
Computer Science
Data mining
Data Structures and Information Theory
Decision making
Economic models
Game theory
Information Storage and Retrieval
Information systems
Intrusion detection systems
IT in Business
Natural Language Processing (NLP)
Network security
Network topologies
Probability
Security management
Simulation
Studies
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Based on given data center network topology and risk-neutral management, this work proposes a simple but efficient probability-based model to calculate the probability of insecurity of each protected resource and the optimal investment on each security protection device when a data center is under security breach. We present two algorithms that calculate the probability of threat and the optimal investment for data center security respectively. Based on the insecurity flow model (Moskowitz and Kang 1997 ) of analyzing security violations, we first model data center topology using two basic components, namely resources and filters, where resources represent the protected resources and filters represent the security protection devices. Four basic patterns are then identified as the building blocks for the first algorithm, called Accumulative Probability of Insecurity , to calculate the accumulative probability of realized threat (insecurity) on each resource. To calculate the optimal security investment, a risk-neutral based algorithm, called Optimal Security Investment , which maximizes the total expected net benefit is then proposed. Numerical simulations show that the proposed approach coincides with Gordon’s (Gordon and Loeb, ACM Transactions on Information and Systems Security 5(4):438–457, 2002 ) single-system analytical model. In addition, numerical results on two common data center topologies are analyzed and compared to demonstrate the effectiveness of the proposed approach. The technique proposed here can be used to facilitate the analysis and design of more secured data centers.
ISSN:0925-9902
1573-7675
DOI:10.1007/s10844-009-0109-4