Change search
ReferencesLink to record
Permanent link

Direct link
Options-Based Security-Oriented Framework for Addressing Uncerainty Issues in IT Security
KTH, School of Information and Communication Technology (ICT), Electronic Systems.
2010 (English)Doctoral thesis, monograph (Other academic)
Abstract [en]

Continuous development and innovation in Information Technology introduces novel configuration methods, software development tools and hardware components. This steady state of flux is very desirable as it improves productivity and the overall quality of life in societies. However, the same phenomenon also gives rise to unseen threats, vulnerabilities and security concerns that are becoming more critical with the passage of time. As an implication, technological progress strongly impacts organizations’ existing information security methods, policies and techniques, making obsolete existing security measures and mandating reevaluation, which results in an uncertain IT infrastructure. In order to address these critical concerns, an options-based reasoning borrowed from corporate finance is proposed and adapted for evaluation of security architecture and decision- making to handle them at organizational level. Options theory has provided significant guidance for uncertainty management in several domains, such as Oil & Gas, government R&D and IT security investment projects. We have applied options valuation technique in a different context to formalize optimal solutions in uncertain situations for three specific and identified uncertainty issues in IT security. In the research process, we formulated an adaptation model for expressing options theory in terms useful for IT security which provided knowledge to formulate and propose a framework for addressing uncertainty issues in information security. To validate the efficacy of this proposed framework, we have applied this approach to the SHS (Spridnings- och Hämtningssystem) and ESAM (E-Society) systems used in Sweden. As an ultimate objective of this research, we intend to develop a solution that is amenable to automation for the three main problem areas caused by technological uncertainty in information security: i) dynamically changing security requirements, ii) externalities caused by a security system, iii) obsoleteness of evaluation. The framework is general and capable of dealing with other uncertainty management issues and their solutions, but in this work we primarily deal with the three aforementioned uncertainty problems. The thesis presents an in-depth background and analysis study for a proposed options-based security-oriented framework with case studies for SHS and ESAM systems. It has also been assured that the framework formulation follows the guidelines from industry best practices criteria/metrics. We have also proposed how the whole process can be automated as the next step in development.

Place, publisher, year, edition, pages
Stockholm: KTH , 2010. , xvi, 178 p.
Trita-ICT-ECS AVH, ISSN 1653-6363 ; 10:04
National Category
Computer Science
Research subject
URN: urn:nbn:se:kth:diva-24327ISBN: 978-91-7415-707-9OAI: diva2:346569
Public defence
2010-09-13, SAL D, KTH-Forum, Isafjordagatan 39, Kista, 15:00 (English)
QC 20100902Available from: 2010-09-02 Created: 2010-09-01 Last updated: 2010-09-02Bibliographically approved

Open Access in DiVA

No full text

Search in DiVA

By author/editor
Abbas, Haider
By organisation
Electronic Systems
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 819 hits
ReferencesLink to record
Permanent link

Direct link