Caulfield, T; Pym, D; (2015) Improving Security Policy Decisions with Models. IEEE Security and Privacy Magazine , 13 (5) pp. 34-41. 10.1109/MSP.2015.97.

Text cp15-ieee-secpriv.pdf Download (259kB)

Abstract

Security managers face the challenge of designing security policies that deliver the objectives required by their organizations. We explain how a rigorous methodology, grounded in mathematical systems modelling and the economics of decision-making, can be used to explore the operational consequences of their design choices and help security managers to make better decisions. The methodology is based on constructing executable system models that illustrate the effects of different policy choices. Models are designed to be composed, allowing complex systems to be expressed as combinations of smaller, complete models. They capture the logical and physical structure of systems, the choices and behavior of agents within the system, and the security managers' preferences about outcomes. Models are parameterized from observations of the real world and the effectiveness of different security policies is explored through simulation. Utility theory is used to describe the extent to which security managers' policies deliver their security objectives.Improving Security Policy Decisions with Models

Downloads since deposit

Loading...

286Downloads

Download activity - last month

Export as XMLCSVJSON

Loading...

Download activity - last 12 months

Export as JSONCSVXML

Loading...

Downloads by country - last 12 months

Export as JSONCSVXML

Loading...

Archive Staff Only

View Item