Overview: The article integrates the three areas involved in network safeguarding practice: identifying well-defined security policies, selecting cost-effective defense strategies, and implementing real-time defense tactics. It introduces a layered decision model (LDM) for making defense decisions on the basis of cost-effectiveness. To illustrate the technique, the LDM is applied to the design of network defenses for a sample e-commerce business. The model also provides an analytical framework that keeps costs traceable between all decision layers and supports an iterative decision process that traverses back and forth between the layers.
This framework combines risk assessment, business cost modeling, and cost-benefit analysis based on return on investment (ROI). The model has three decision layers plus supporting model components. The layers are Layer Zero, Layer One and Layer Two: security policies are defined at Layer Zero, defense strategies at Layer One, and defense tactics at Layer Two. The other components, used either as inputs or as the "internal state" needed to make a decision, are the risk assessment (identifying threat profiles), the business cost modeling (estimating the business cost associated with each threat and with the related security means), and the ROI-based cost-benefit analysis (comparing and selecting the cost-effective defense means).
Methodology: The authors demonstrate the model by applying LDM to construct a layered decision set for a simplified e-commerce business case. The fictitious company is a web-based on-line trading company that sells products to customers across the country. Its enterprise strategy for the current year is to increase revenue by 20% over the previous year's revenue of $100,000,000. The objective of network security is to protect the following business goals:
g1: Confidentiality
g2: Integrity
g3: Availability
g4: Non-repudiation
After defining the business goals G = {g1, g2, g3, g4}, the company identified and ranked the threats (T):
a. Unauthorized access (t1): an attacker obtains unauthorized access by guessing user names and passwords, and may gain root access to change system files or modify trading data.
b. Application-level attack (t2): an attacker exploits well-known weaknesses in the software and operating systems commonly found on servers to obtain root access.
c. Denial of service attack (t3): an attacker floods the target host with packets.
d. IP spoofing attack (t4): an attacker forges the source IP address of the packets he sends, so that they appear to come from somewhere else.
e. Virus and worm attack (t5): viruses and worms spread through email and across the network.
Therefore Tt,b,0 = {t1, t2, t3, t4, t5} with Rank = {1, 4, 5, 2, 3}, i.e. unauthorized access is ranked first, IP spoofing second, virus and worm attack third, application-level attack fourth and denial of service fifth.
Based on the business goals and the ranked threats, the model defines 13 security policies: Pt,b = {p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13}.
Based on the Layer Zero security policies, the Layer One decision is where the organization proposes and evaluates three candidate defense strategy sets:
Strategy set one (St,b,1) is a comprehensive package and assumes the company has sufficient budget to purchase or implement all of these defense strategies.
Strategy set two (St,b,2) assumes limited implementation of the defense strategies, as happens when the budget is constrained.
Strategy set three (St,b,3) has similar features to strategy set one but uses components from another vendor; the prices are higher, and the effectiveness against some attacks is lower than that of St,b,1.
Taking strategy set one as the Layer One decision, LDM then estimated the cost of, and assessed, three candidate defense tactics:
a. Tactic one (r1): terminating the connection and session.
b. Tactic two (r2): recording, logging and notifying the administrator.
c. Tactic three (r3): turning off the host and rebooting the server.
Result: The estimated annual frequencies (times/year) of the five threats are 5, 2, 5, 10 and 5 respectively. A successful event of each threat is estimated to reduce revenue by 0.5%, 0.03%, 0.01%, 0.05% and 0.03% respectively.
From the result table we can see that St,b,1 has the highest overall ROI when handling the different types of attack, so St,b,1 is selected as the best strategy set. Note that the ROI of each individual defense strategy (e.g. the IDSs, s1,2) against each individual attack (e.g. the unauthorized access attack, t1) could also be estimated, but the purpose of this example is to estimate the overall cost-effectiveness of a package (set) of defense strategies against the list of identified threats.
For the Layer Two comparison, the potential damage cost (single loss expectancy, SLE) of a successful attack is taken to be $600k. r1 has 85% effectiveness and its cost (response cost plus operational cost) is $100k. r2 is only 50% effective, although its cost is only $50k. r3 is 90% effective, but its cost could be as high as $200k. ROI is computed as the damage the tactic prevents divided by the tactic's cost plus the residual damage it does not prevent:
ROI of r1 = ($600k × 0.85) / ($100k + $600k × 0.15) = 2.68
ROI of r2 = ($600k × 0.50) / ($50k + $600k × 0.50) = 0.86
ROI of r3 = ($600k × 0.90) / ($200k + $600k × 0.10) = 2.08
My Views: A security policy is a set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources. A defense strategy is a combination of different defense techniques and operations. A defense tactic is the immediate defensive reaction taken when a network is under attack. The specific security policies, defense strategies and defense tactics are determined as the model is used; they are not embedded in the structure of the model itself.
The inputs to Layer Zero are the business goals and the threat environment. Its outputs are the policies (which embody the goals) and the ranked threats (ordered by the priorities of the business). Layer Zero can be thought of as the set of all decisions about what the business ought to be doing. Layer One addresses the defense strategies selected within the context of the predetermined business goals; the purpose of the Layer One decisions is to determine a set of defense strategies that meets the needs of the security policy with respect to the ranked threats.
Layer Two decisions involve choosing specific defense tactics. The input to Layer Two is a particular defense strategy set provided by Layer One, together with the associated ranked threats.