Affiliation:
1. Radford University, Radford, Virginia, USA
2. University of Virginia, Charlottesville, Virginia, USA
3. Commonwealth Center for Advanced Logistics Systems, Petersburg, Virginia, USA
Abstract
The security risks posed by electronics are numerous. There are typically a variety of risk‐reducing countermeasures for a given system or across an enterprise. Each countermeasure is associated with both a level of risk reduction and its lifecycle costs. Given budgetary constraints, risk managers and systems engineers must determine what combinations of countermeasures cost‐effectively maximize risk reduction, and what metrics best guide the investment process. In this paper, we seek to answer these questions through exploration of risk reduction metrics from the field of security economics, including the benefit/cost ratio, return on security investment (ROSI), expected benefit of information security (EBIS), and expected net benefit of information security (ENBIS). The results suggest that ratio‐based metrics are not strongly correlated with risk reduction, while EBIS is equivalent to risk reduction and ENBIS is equal to risk reduction minus cost.
Funder
National Science Foundation
Subject
Computer Networks and Communications, Hardware and Architecture
Cited by
2 articles.
1. Stress Testing for Resilience of Semiconductor Supply Chains;2023 IEEE 14th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON);2023-10-12
2. Information security outsourcing in a resource-sharing environment: The impacts of attack modes;Journal of the Operational Research Society;2023-07-14