IncidentResponseSim: An Agent-Based Simulation Tool for Risk Management of Online Fraud
2015 (English)In: Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349, Vol. 9417, 172-187 p.Article in journal (Refereed) Published
IncidentResponseSim is a multi-agent-based simulation tool supporting risk management of online financial services, by performing a risk assessment of the quality of current countermeasures, in the light of the current and emerging threat environment. In this article, we present a set of simulations using incident response trees in combination with a quantitative model for estimating the direct economic consequences. The simulations generate expected fraud, and conditional fraud value at risk, given a specific fraud scenario. Additionally, we present how different trojan strategies result in different conditional fraud value at risk, given the underlying distribution of wealth in the online channel, and different levels of daily transaction limits. Furthermore, we show how these measures can be used together with return on security investment calculations to support decisions about future security investments.
Place, publisher, year, edition, pages
2015. Vol. 9417, 172-187 p.
Risk management, Online fraud, Incident Response Tree (IRT), Value at Risk (VaR), Simulation, Return on Security Investment (ROSI)
Computer and Information Science
IdentifiersURN: urn:nbn:se:kth:diva-176310DOI: 10.1007/978-3-319-26502-5_12ScopusID: 2-s2.0-84951871321OAI: oai:DiVA.org:kth-176310DiVA: diva2:866575
20th Nordic Conference, NordSec 2015, Stockholm, Sweden, October 19–21, 2015
QC 201511032015-11-032015-11-032015-11-03Bibliographically approved