Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Friday, May 21, 2010

On Strategic Preference Elicitations from Security Decision Makers (Economics of Security and Identity Management)

In the context of my Security and Identity Analytics R&D work I am currently exploring various methodologies and approaches to elicit strategic preferences from decision makers.

Ideally, by understanding these strategic preferences, it is possible to create a framework in which to investigate the implications of security (investment) decisions from an economic perspective. In this context, analytic methods that leverage modelling and simulation techniques can also be used for what-if analysis.

Recent technical reports, HPL-2010-11 and HPL-2010-12, provide a more detailed description of some of the work done at HP Labs in Identity Analytics, in the space of Economics of Identity Management.

Of course I am well aware that different approaches and methodologies might apply and that the scientific community has different views and perceptions of how and when to use preference elicitation.

An interesting paper (among many) setting the context in this domain is “Survey of Preference Elicitation Methods” by Li Chen and Pearl Pu, EPFL, Lausanne.

However, I wonder if anybody in the community is aware of current work and/or documents describing methodologies and case studies in the specific area of preference elicitation in the security domain.


--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

Article: What CIOs need, how CISOs should deliver

An interesting article called “What CIOs need, how CISOs should deliver” has been published by “Computerworld UK”, posted by Dan Turner, CTO, Vistorm (HP Company).

Our work at HP Labs on Security Analytics has been mentioned:

“My colleagues at HP Labs are looking to go further with their research into ‘Security Analytics’. Through the use of economic and mathematical techniques combined with predictive modelling, the research claims that it’s possible to measure the effectiveness of an organisation’s security controls and therefore guide better investment by understanding the trade-offs. Needless to say, it makes for interesting reading and this will certainly be an area to watch.”


Update - Keynote Speaker at IEEE i-Society 2010

As mentioned in a previous blog post of mine, I have been invited to be a keynote speaker at IEEE i-Society 2010, the International Conference on Information Society.

Thanks to those people who sent me their input and suggestions. I took the input and feedback into account in the speech abstract that I sent to the organisers:

“We are living in interesting times. New trends affect the information society (organisations and people), such as: increased availability of services in the cloud; the adoption of web 2.0 and social networking for personal and business purposes; pervasive mobile computing; the consumerization of the enterprise.

Along with many new opportunities for people and organisations, we are also witnessing the rise of new security and privacy threats and an increased role played by organised cybercrime.

People and organisations are going to be more and more impacted by these trends and threats. Organisations need to better understand the dynamic threat environment they are fighting against and where to effectively make their security investments. More assurance and trust is required on the Internet.

This keynote discusses these trends, briefly analyses emerging threats and provides an overview of the organised cybercrime ecosystem. It highlights a few needs and research opportunities in key areas, including: automation of security lifecycle management, economics of security, security analytics, trusted virtualisation, identity assurance and privacy management. Related work done by HP Labs in this space - in collaboration with the UK research community - is presented and discussed.”

