Comparing the Effectivity of Planned Cyber Defense Controls in Order to Support the Selection Process

Paul Tavolato, Robert Luh, Sebastian Eresheim, Simon Gmeiner, Sebastian Schrittwieser

2024

Abstract

Being able to compare the effectiveness of security controls on a sound quantitative basis would be of great benefit when it comes to deciding which security controls should be implemented under given budget restrictions. This paper introduces a method for such comparisons based on a list of preventive defense actions and a list of attack actions, where the attack actions are supplemented by basic success probabilities; furthermore, a matrix showing the impact of the preventive defense actions on the success probabilities of attack actions is developed. Site-specific characteristics are taken into account by the use of weights, which must be defined by the security manager. Equipped with these tools, a measure for the effectiveness of individual defense controls can be calculated. Comparing the measures provides valuable decision support in selecting defense controls to be implemented. A main focus lies on the easy applicability of the method to real-world situations. This is accomplished by incorporating information from several proven tactical and technical knowledge bases well established in the field.


Paper Citation


in Harvard Style

Tavolato P., Luh R., Eresheim S., Gmeiner S. and Schrittwieser S. (2024). Comparing the Effectivity of Planned Cyber Defense Controls in Order to Support the Selection Process. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 211-218. DOI: 10.5220/0012421800003648


in Bibtex Style

@conference{icissp24,
author={Paul Tavolato and Robert Luh and Sebastian Eresheim and Simon Gmeiner and Sebastian Schrittwieser},
title={Comparing the Effectivity of Planned Cyber Defense Controls in Order to Support the Selection Process},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={211-218},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012421800003648},
isbn={978-989-758-683-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Comparing the Effectivity of Planned Cyber Defense Controls in Order to Support the Selection Process
SN - 978-989-758-683-5
AU - Tavolato P.
AU - Luh R.
AU - Eresheim S.
AU - Gmeiner S.
AU - Schrittwieser S.
PY - 2024
SP - 211
EP - 218
DO - 10.5220/0012421800003648
PB - SciTePress