IIT Home Page CNR Home Page

Cyber Insurance and Time-to-Compromise: An Integrated Approach

Fast-growing numbers of technologies and devicesmake cyber security landscape more complicated and require amore accurate models. This complexity challenges cyber securityexperts to devise a better solution to manage cyber risks. One ofthe promising methods is to find the best distribution of securityexpenditure for risk mitigation and transfer (i.e. cyber insurance)options.

In this work, we propose a solution to find the optimal securityinvestments when there is a cyber insurance option by applyingtime to compromise metric to the probability of attack computation.In particular, we find the best set of countermeasures whichdecreases the maximum number of vulnerabilities to increase therequired time to compromise a system. Our approach is basedon a multiple-objective knapsack problem for the selection ofcountermeasures and we find the best distribution of securityexpenditure by computing both probability of attack and timeto compromise metric.

2019 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), Oxford, UK, 2019

Autori esterni: Fabio Massacci (UNITN)
Autori IIT:

Tipo: Contributo in atti di convegno
Area di disciplina: Computer Science & Engineering

File: Cyber Insurance and TimetoCompromise An Integrated Approach.pdf

Attività: Architetture, protocolli e meccanismi di sicurezza per sistemi e servizi distribuiti