Knowing the Enemy at the Gates: Measuring Attacker Motivation

Knowing the Enemy at the Gates: Measuring Attacker Motivation

George P. Corser, Suzan Arslanturk, Jared Oluoch, Huirong Fu, George E. Corser
DOI: 10.4018/jitn.2013040107
(Individual Articles)
No Current Special Offers


Traditional cost-benefit analysis (CBA) quantifies the value of information security safeguards in terms of their expenses compared to their savings before and after their implementation. This paper considers CBA from the attacker's viewpoint, adding another type of measurement, the willingness to endure consequences. The authors propose a new set of equations and examine their implications vis-à-vis two typical network attacks, identity theft and intellectual property theft.
Article Preview

Mercuri (2003), Neubauer, Klemen and Biffl (2005) and Shiau, Hsu, and Wang (2009) demonstrated the utility of CBA in measuring computer related risks and opportunities. But Lee and Shao (2006) showed that sometimes there are drawbacks to using ALE, annualized loss expectancy, a fundamental component of traditional CBA. Neubauer and Hartl (2009) showed, too, that it can be difficult to put CBA into actual practice. So while CBA continues to yield benefits to organizations, there appears to be room for improvement and enhancement.

Complete Article List

Search this Journal:
Volume 16: 1 Issue (2024)
Volume 15: 1 Issue (2023)
Volume 14: 1 Issue (2022)
Volume 13: 4 Issues (2021)
Volume 12: 4 Issues (2020)
Volume 11: 4 Issues (2019)
Volume 10: 4 Issues (2018)
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing