User Tools
security_economics
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
security_economics [2018/11/26 00:22] fabio.massacci@unitn.it |
security_economics [2018/11/26 00:28] fabio.massacci@unitn.it |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| * On the fairness of seucirty taxes in presence on interdependence | * On the fairness of seucirty taxes in presence on interdependence | ||
| + | * Estimating quantitative likelihood | ||
| * Cyber-Insurance: good for your company, bad for your country? | * Cyber-Insurance: good for your company, bad for your country? | ||
| - | * The Work Averse Attacker Model | + | * The Work Averse Attacker Model (A different way to consider attackers) |
| * Black markets actually work! | * Black markets actually work! | ||
| * Risk vs Rule base regulation: what is the best way to regulate? | * Risk vs Rule base regulation: what is the best way to regulate? | ||
| Line 14: | Line 15: | ||
| See also our section on [[vulnerability_discovery_models|Finding and Assessing Vulnerabilities]] in particular if you are interesting in understanding what's the risk reduction for different types of vulnerabilities and [[malware_analysis|Malware Analysis]]. | See also our section on [[vulnerability_discovery_models|Finding and Assessing Vulnerabilities]] in particular if you are interesting in understanding what's the risk reduction for different types of vulnerabilities and [[malware_analysis|Malware Analysis]]. | ||
| + | |||
| + | ==== Beyond 1-5 Risk Matrices: quantitative likelihood === | ||
| Line 62: | Line 65: | ||
| If you like to have an idea of the model this other picture shows you the Change in the number of attacked systems for two attacks against different systems Δ = T days apart ({{:research_activities:economics:model_extended2.pdf|PDF}}). | If you like to have an idea of the model this other picture shows you the Change in the number of attacked systems for two attacks against different systems Δ = T days apart ({{:research_activities:economics:model_extended2.pdf|PDF}}). | ||
| - | If you are interested in knowing whether we could use this insight for actual predictions please look at our [[https://securitylab.disi.unitn.it/doku.php?id=vulnerability_discovery_models|vulnerability section]] where we report our work on risk reduction that made its way to the CVSS (COmmon Vulnerability Scoring System) v3 world standard. | + | If you are interested in knowing whether we could use this insight for actual predictions please look at our [[https://securitylab.disi.unitn.it/doku.php?id=vulnerability_discovery_models|vulnerability section]] where we report our work on risk reduction that made its way to the CVSS (Common Vulnerability Scoring System) v3 world standard. |
security_economics.txt · Last modified: 2021/01/29 10:58 (external edit)
Page Tools
