Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Wednesday, July 22, 2009

New HP Labs Technical Report – “Systems Modelling for Economic Analyses of Security Investments: A Case Study in Identity and Access Management”

A new HP Labs Technical Report has been released, in the area of Security and Identity Analytics, called “Systems Modelling for Economic Analyses of Security Investments: A Case Study in Identity and Access Management” by Adrian Baldwin, Marco Casassa Mont, David Pym and Simon Shiu:

“Identity and Access Management (IAM) is a key issue for systems security managers such as CISOs. More specifically, it is a difficult problem to understand how different investments in people, process, and technology affect the intended security outcomes. We position this problem within the framework of optimal control models in macroeconomics, and use a process model to understand the dynamics of the utility of possible trade-offs between investment, access, and security incidents (breaches). A utility function is used to express the security manager's IAM preferences, and the functional behaviour of its components is described via a process model. Executing our process model as Monte Carlo simulations, we illustrate the behaviour of the utility function for varying levels of investment and threat, and so provide the beginnings of a decision-support tool for systems security managers.”


--- Posted by Marco Casassa Mont ---
