Abstract
Quantification tools, if applied prudently, can assist in the anticipation, budgeting, and control of direct and indirect computer security costs.