eprintid: 1489963
rev_number: 29
eprint_status: archive
userid: 608
dir: disk0/01/48/99/63
datestamp: 2016-05-07 20:01:20
lastmod: 2020-02-12 17:35:15
status_changed: 2018-03-26 14:56:53
type: proceedings_section
metadata_visibility: show
creators_name: Dehghanniri, H
creators_name: Letier, E
creators_name: Borrion, H
title: Improving Security Decision under Uncertainty: A Multidisciplinary Approach
ispublished: pub
divisions: UCL
divisions: A01
divisions: B04
divisions: C05
divisions: F48
divisions: F52
keywords: Science & Technology, Technology, Computer Science, Theory & Methods, Engineering, Electrical & Electronic, Computer Science, Engineering, security, requirements engineering, decision-making, risk, crime script, uncertainty, identity theft, SCRIPT ANALYSIS, REQUIREMENTS, PREVENTION
note: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
abstract: Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.
date: 2015-07-27
date_type: published
publisher: IEEE
official_url: https://doi.org/10.1109/CyberSA.2015.7166134
oa_status: green
full_text_type: other
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_id: 1087760
doi: 10.1109/CyberSA.2015.7166134
lyricists_name: Borrion, Herve
lyricists_name: Letier, Emmanuel
lyricists_id: HBORR81
lyricists_id: ELETI04
actors_name: Stacey, Thomas
actors_id: TSSTA20
actors_role: owner
full_text_status: public
publication: 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
place_of_pub: London, UK
pagerange: 1-7
pages: 7
event_title: International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
event_location: London, UNITED KINGDOM
event_dates: 08 June 2015 - 09 June 2015
institution: International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
editors_name: Onwubiko, C
citation:        Dehghanniri, H;    Letier, E;    Borrion, H;      (2015)    Improving Security Decision under Uncertainty: A Multidisciplinary Approach.                     In: Onwubiko, C, (ed.)  (Proceedings) International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). (pp. pp. 1-7).  IEEE: London, UK.       Green open access   
 
document_url: https://discovery.ucl.ac.uk/id/eprint/1489963/1/Borrion%20Improving%20Security%20Decision%20under%20Uncertainty.pdf