eprintid: 1489963 rev_number: 29 eprint_status: archive userid: 608 dir: disk0/01/48/99/63 datestamp: 2016-05-07 20:01:20 lastmod: 2020-02-12 17:35:15 status_changed: 2018-03-26 14:56:53 type: proceedings_section metadata_visibility: show creators_name: Dehghanniri, H creators_name: Letier, E creators_name: Borrion, H title: Improving Security Decision under Uncertainty: A Multidisciplinary Approach ispublished: pub divisions: UCL divisions: A01 divisions: B04 divisions: C05 divisions: F48 divisions: F52 keywords: Science & Technology, Technology, Computer Science, Theory & Methods, Engineering, Electrical & Electronic, Computer Science, Engineering, security, requirements engineering, decision-making, risk, crime script, uncertainty, identity theft, SCRIPT ANALYSIS, REQUIREMENTS, PREVENTION note: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. abstract: Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft. date: 2015-07-27 date_type: published publisher: IEEE official_url: https://doi.org/10.1109/CyberSA.2015.7166134 oa_status: green full_text_type: other language: eng primo: open primo_central: open_green verified: verified_manual elements_id: 1087760 doi: 10.1109/CyberSA.2015.7166134 lyricists_name: Borrion, Herve lyricists_name: Letier, Emmanuel lyricists_id: HBORR81 lyricists_id: ELETI04 actors_name: Stacey, Thomas actors_id: TSSTA20 actors_role: owner full_text_status: public publication: 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) place_of_pub: London, UK pagerange: 1-7 pages: 7 event_title: International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) event_location: London, UNITED KINGDOM event_dates: 08 June 2015 - 09 June 2015 institution: International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) editors_name: Onwubiko, C citation: Dehghanniri, H; Letier, E; Borrion, H; (2015) Improving Security Decision under Uncertainty: A Multidisciplinary Approach. In: Onwubiko, C, (ed.) (Proceedings) International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). (pp. pp. 1-7). IEEE: London, UK. Green open access document_url: https://discovery.ucl.ac.uk/id/eprint/1489963/1/Borrion%20Improving%20Security%20Decision%20under%20Uncertainty.pdf