Upload File

cyber security investment in the age of big datacritis2016.org/img/pdf/5b_4_cyber_security... ·...

  • Home
  • Documents
  • Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb
15
Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb Model and Application to Critical Infrastructure Protection Dimitri Percia David ab , Marcus Matthias Keupp b , Solange Ghernaouti a , and Alain Mermoud ab a Swiss Cybersecurity Advisory and Research Group, University of Lausanne b Military Academy at ETH Zurich

Upload: others

Post on 08-Jun-2020

7 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb Model and Application to Critical

Infrastructure Protection

Dimitri Percia Davidab, Marcus Matthias Keuppb, Solange

Ghernaoutia, and Alain Mermoudab

a Swiss Cybersecurity Advisory and Research Group, University of Lausanne b Military Academy at ETH Zurich

Page 2: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

2 / 15

Agenda

Introduction 2’

The economics of information security

Investigating investment dynamics in cybersecruity

Extending the GL model 8’

The impact of Big Data Analytics on the GL model

Suggesting a multi-period model

Relaxing the assumption of continuity

Application to Critical Infrastructure Protection 2’

Concluding comments 2’

Further research 1’

Q&A and discussion 5’

Page 3: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

3 / 15

Introduction

Economics of Information Security as a complementary approach

Cyber Security issues = bad incentives + bad design

Page 4: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

4 / 15

Introduction

Investigating investment dynamics in cybersecruity

SINGLE PERIOD MODEL

Page 5: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

5 / 15

Introduction

Investigating investment dynamics in cybersecruity

MULTI-PERIOD MODEL

Cost of cyber security failure, S(Z, v)L

Cost DISCONTINUOUS FUNCTION

Page 6: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

6 / 15

Extending the GL model

The impact of Big Data Analytics on the GL model

Security Analytics: from bad signatures to bad actions

MINIMIZING COSTS

CONVENTIONAL CYBERSECURITY MEANS LIMITED SUCCESS

Page 7: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

7 / 15

Extending the GL model

The impact of Big Data Analytics on the GL model

Security Analytics: from bad signatures to bad actions

BAD SIGNATURES BAD ACTIONS

Page 8: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

8 / 15

Extending the GL model

The impact of Big Data Analytics on the GL model

From resilience to anticipation: the next generation of information technologies

Real time analytics

Early warnings

Dynamic detection

Page 9: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

9 / 15

Extending the GL model

1st impact: Suggesting a multi-period model

Page 10: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

10 / 15

Extending the GL model

2nd impact: Relaxing the assumption of continuity

Cost of cyber security failure, S(Z, v)L

Cost of cyber security investment, Z

Total cost, Z+S(Z, v)L

Optimal cyber security investment Cost

Optimal amount of cyber security investment, Z* Investment

Page 11: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

11 / 15

Extending the GL model

2nd impact: Relaxing the assumption of continuity

Page 12: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

12 / 15

Application to CIP

An urgent need for efficiency and effectiveness improvement

Page 13: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

13 / 15

Concluding comments

Extending the GL model for radically innovative and disruptive technologies

Cost of cyber security failure, S(Z, v)L

Cost of cyber security investment, Z

Total cost, Z+S(Z, v)L

Cost

Optimal amount of cyber security investment, Z*

Page 14: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

14 / 15

Further research

A game theory experiment for collecting data

An econometric model for testing our hypothesis

Page 15: Cyber Security Investment in the Age of Big Datacritis2016.org/IMG/pdf/5b_4_cyber_security... · Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb

15 / 15

Q&A and discussion


2017 Cost of Cyber Crime Study | Accenture - SAFEWAY · 2017 COST OF CYBER CRIME STUDY > 7 Innovations are generating the highest returns on investment, yet investment in them is

Incident Response in the age of Nation State Cyber Attacks

Comparing Decision Support Approaches for Cyber Security Investment · 2015-02-20 · Comparing Decision Support Approaches for Cyber Security Investment Andrew Fielder , Emmanouil

Cyber Crime in the Digital Age Andy Archibald Head, National Cyber Crime Unit

Risk Intelligent governance in the age of cyber threats ...deloitte.wsj.com/cfo/files/2012/07/board_and_cyber_threats.pdfRisk Intelligent governance in the age of cyber threats

Advanced Security Testing in the Age of Cyber War

Cyber resilient infrastructure - Atkinsexplore.atkinsglobal.com/cyber/Atkins_Cyber... · Cyber resilience by the numbers 08 Defence and security in the information age 10 Operational

Cyber crime:The Transformation Of Crime In The Information Age

Investment Reporting in the Digital Age - Quark · Investment Reporting in the Digital Age: The Case for Dynamic Publishing. ... new models for monetizing investment research and

Firm Age, Investment Opportunities, and Job Creation

Governing in the Age of Cyber Threats | AccentureGOVERNING IN THE AGE OF CYBER THREATS. 2 3 ... apps for empowering citizens and government workers. And unprecedented personalization

Keeping Ones Personality and Humanity in the Electronic and Cyber Age

Developing country multin investment comes of age

Investment Guide for the new age Professional

ComputerWeekly CYBER-PHYSICAL ATTACKS: DAWN OF A NEW AGE IN CYBER-WARFARE?docs.media.bitpipe.com/io_10x/io_102267/item_1306461/RH... · 2017-03-14 · Cyber-physical attacks: Dawn

Humanitarianism in the Age of Cyber-warfare - OCHA€¦ ·  · 2017-02-16Humanitarianism in the Age of Cyber-warfare: ... the extent to which political or criminal groups target

Cyber Disorders: Rivalry and Conflict in a Global Information Age

Enterprise and Cyber Security in Defence -Cyber...2 3 Taking control of your cyber security future In this Digital age, managing cyber security is a perpetual challenge. Evermore sophisticated

COSO IN THE CYBER AGE in the Cyber Age_FULL_r11.pdf · COSO IN THE CYBER AGE Governance and Internal Control Committee of Sponsoring Organizations of the Treadway Commission January

The right cyber security for the digital age

7. Rediscovering Kosmopolis in the Cyber-Information Age

Humanitarianism in the Age of Cyber-warfare:

Resource Investment in the Golden Age of Energy … Investment in the Golden Age of Energy Finance ... The interest rate environment, ... investment is driven by the fundamentals of

Running Head: CYBER BULLYING i CYBER BULLYING: A NEW AGE

RETIREMENT SAVING SOLUTIONS - Glacier Insights · 2019-11-25 · provident fund. Investment period Until at least age 55 Investment period Until at least age 55 Investment period

Cyber Attack the Threat to America in the Age of Cyber Warfare and Internet Terrorism - Jason Clint

CYBER RESILIENCE IN THE DIGITAL AGE

Security in the Cyber Age — A RuleSpace Case Study

Research Report: Ukraine: Dissident Capabilities in the Cyber Age

Coso in the cyber age

editorial Cyber Security Summit · 2019. 1. 16. · With the recently published Cyber Security Strategy, the launch of the National Cyber Security Centre, Government investment of

Cyber Security - Emerging Trends and Investment Outlook

Are You Cyber Prepared? · Preparedness Enrich Business Protection Enable Cyber Agility and Velocity Extinguish Business Risk Eliminate Expensive Investment £ Our Cyber Security

Cyber Liability Insurance: An Essential and Urgently Needed Business Investment

Cyber Security in the Mobile Age - COnnecting REpositories · Cyber Security in the Mobile Age The number of new security threats identified every month continues ... of a corporate