Knowing the Enemy at the Gates: Measuring Attacker Motivation

Knowing the Enemy at the Gates: Measuring Attacker Motivation

George P. Corser (Oakland University, Rochester, MI, USA), Suzan Arslanturk (Oakland University, Rochester, MI, USA), Jared Oluoch (Oakland University, Rochester, MI, USA), Huirong Fu (Oakland University, Rochester, MI, USA) and George E. Corser (Destination Imagination, Houghton, MI, USA)
DOI: 10.4018/jitn.2013040107
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Traditional cost-benefit analysis (CBA) quantifies the value of information security safeguards in terms of their expenses compared to their savings before and after their implementation. This paper considers CBA from the attacker's viewpoint, adding another type of measurement, the willingness to endure consequences. The authors propose a new set of equations and examine their implications vis-à-vis two typical network attacks, identity theft and intellectual property theft.
Article Preview

Mercuri (2003), Neubauer, Klemen and Biffl (2005) and Shiau, Hsu, and Wang (2009) demonstrated the utility of CBA in measuring computer related risks and opportunities. But Lee and Shao (2006) showed that sometimes there are drawbacks to using ALE, annualized loss expectancy, a fundamental component of traditional CBA. Neubauer and Hartl (2009) showed, too, that it can be difficult to put CBA into actual practice. So while CBA continues to yield benefits to organizations, there appears to be room for improvement and enhancement.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing