Risk-neutral evaluation of information security investment on data centers

Shyue-Liang Wang; Jyun-Da Chen; Paul A. Stirpe; Tzung-Pei Hong

首页> 外文期刊>Journal of Intelligent Information Systems >Risk-neutral evaluation of information security investment on data centers

【24h】

Risk-neutral evaluation of information security investment on data centers

机译：数据中心信息安全投资的风险中性评估

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Based on given data center network topology and risk-neutral management, this work proposes a simple but efficient probability-based model to calculate the probability of insecurity of each protected resource and the optimal investment on each security protection device when a data center is under security breach. We present two algorithms that calculate the probability of threat and the optimal investment for data center security respectively. Based on the insecurity flow model (Moskowitz and Kang 1997) of analyzing security violations, we first model data center topology using two basic components, namely resources and filters, where resources represent the protected resources and filters represent the security protection devices. Four basic patterns are then identified as the building blocks for the first algorithm, called Accumulative Probability of Insecurity, to calculate the accumulative probability of realized threat (insecurity) on each resource. To calculate the optimal security investment, a risk-neutral based algorithm, called Optimal Security Investment, which maximizes the total expected net benefit is then proposed. Numerical simulations show that the proposed approach coincides with Gordon's (Gordon and Loeb, ACM Transactions on Information and Systems Security 5(4):438-457,2002) single-system analytical model. In addition, numerical results on two common data center topologies are analyzed and compared to demonstrate the effectiveness of the proposed approach. The technique proposed here can be used to facilitate the analysis and design of more secured data centers.

机译：基于给定的数据中心网络拓扑和风险中性管理，这项工作提出了一个简单但有效的基于概率的模型，用于计算数据中心处于安全状态时每种受保护资源的不安全概率以及对每种安全保护设备的最佳投资违反。我们提出两种算法，分别计算威胁概率和数据中心安全性的最佳投资。基于分析安全违规的不安全流模型（Moskowitz和Kang，1997），我们首先使用两个基本组件对数据中心拓扑进行建模，即资源和过滤器，其中资源代表受保护的资源，过滤器代表安全保护设备。然后，将四种基本模式标识为第一种算法的构建块，称为不安全累积概率，以计算每种资源上已实现威胁（不安全）的累积概率。为了计算最佳安全投资，然后提出了一种基于风险中立的算法，称为最佳安全投资，该算法可以使总预期净收益最大化。数值模拟表明，该方法与Gordon（Gordon和Loeb，ACM Transactions on Information and Systems Security 5（4）：438-457,2002）单系统分析模型相吻合。此外，对两种常见数据中心拓扑的数值结果进行了分析和比较，以证明所提出方法的有效性。此处提出的技术可用于促进更安全的数据中心的分析和设计。

著录项

来源
《Journal of Intelligent Information Systems》 |2011年第3期|p.329-345|共17页
作者
Shyue-Liang Wang; Jyun-Da Chen; Paul A. Stirpe; Tzung-Pei Hong;
展开▼
作者单位

Department of Information Management, National University of Kaohsiung, Kaohsiung, Taiwan 81148;

Department of Information Management, National University of Kaohsiung, Kaohsiung, Taiwan 81148;

Letse, LLC, 45 Oser Avenue, Hauppauge, NY 11788, USA;

Department of Computer Science and Information Engineering, National University of Kaohsiung, Kaohsiung, Taiwan 81148;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
information security; data center; optimal security investment; insecurity flow; risk management;

机译：信息安全;数据中心;最佳的安全投资;不安全流;风险管理;

相似文献

外文文献
中文文献
专利

1. Security and Access Control Evaluation for Cloud Data Centers [J] . P.Balasubramanian International Journal of Computer Trends and Technology . 2013,第3期

机译：云数据中心的安全性和访问控制评估
2. Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs [J] . Ari Kurnianto, Rizal Isnanto, Aris Puji Widodo E3S Web of Conferences . 2018,第2期

机译：基于ISO / IEC 27001：2013的信息安全管理系统评估内政部数据中心和数据恢复中心的分支机构
3. Generation of Labelled Datasets to Quantify the Impact of Security Threats to Cloud Data Centers [J] . Sai Kiran Mukkavilli, Sachin Shetty, Liang Hong Journal of Information Security . 2016,第3期

机译：生成标记数据集以量化安全威胁对云数据中心的影响
4. A multi-perspective methodology for evaluating the security maturity of data centers [C] . Milton V. M. Lima, Ricardo M. F. Lima, Fernando A. A. Lins 2017 IEEE International Conference on Systems, Man, and Cybernetics . 2017

机译：评估数据中心安全成熟度的多角度方法
5. Evaluation Of Investments In Science, Technology And Innovation: Applying Scientific and Technical Human Capital Framework For Assessment of Doctoral Students In Cooperative Research Centers [D] . Leonchuk, Olena. 2016

机译：科技和创新投资的评估：将科学技术人力资本框架应用于合作研究中心的博士生评估
6. An Evaluation of Financial Institutions: Impact on Consumption and Investment Using Panel Data and the Theory of Risk-Bearing [O] . Mauro Alem, Robert M. Townsend -1

机译：金融机构评估：使用面板数据和风险承担理论对消费和投资的影响
7. ADAPTIVE MODEL OF MUTUAL FINANCIAL INVESTMENT PROCEDURE CONTROL IN CYBERSECURITY SYSTEMS OF SITUATIONAL TRANSPORT CENTERS [O] . B. S. Akhmetov, B. B. Akhmetov, V. A. Lakhno, 2019

机译：跨境运输中心网络安全系统中的相互金融投资程序控制的自适应模型

Risk-neutral evaluation of information security investment on data centers

摘要

著录项

相似文献

相关主题

期刊订阅