TY  - GEN
N1  - This version is the author accepted manuscript. For information on re-use, please refer to the publisher?s terms and conditions.
TI  - Improving Security Decision under Uncertainty: A Multidisciplinary Approach
EP  - 7
AV  - public
Y1  - 2015/07/27/
SP  - 1
CY  - London, UK
KW  - Science & Technology
KW  -  Technology
KW  -  Computer Science
KW  -  Theory & Methods
KW  -  Engineering
KW  -  Electrical & Electronic
KW  -  Computer Science
KW  -  Engineering
KW  -  security
KW  -  requirements engineering
KW  -  decision-making
KW  -  risk
KW  -  crime script
KW  -  uncertainty
KW  -  identity theft
KW  -  SCRIPT ANALYSIS
KW  -  REQUIREMENTS
KW  -  PREVENTION
A1  - Dehghanniri, H
A1  - Letier, E
A1  - Borrion, H
ID  - discovery1489963
N2  - Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.
PB  - IEEE
UR  - https://doi.org/10.1109/CyberSA.2015.7166134
ER  -