Cyber Security Investment in the Age of Big Data: Reassessment of the Gordon-Loeb Model and Application to Critical Infrastructure Protection
Dimitri Percia David (a, b), Marcus Matthias Keupp (b), Solange Ghernaouti (a), and Alain Mermoud (a, b)
(a) Swiss Cybersecurity Advisory and Research Group, University of Lausanne
(b) Military Academy at ETH Zurich
2 / 15
Agenda
Introduction 2’
The economics of information security
Investigating investment dynamics in cybersecurity
Extending the GL model 8’
The impact of Big Data Analytics on the GL model
Suggesting a multi-period model
Relaxing the assumption of continuity
Application to Critical Infrastructure Protection 2’
Concluding comments 2’
Further research 1’
Q&A and discussion 5’
3 / 15
Introduction
Economics of Information Security as a complementary approach
Cyber Security issues = bad incentives + bad design
4 / 15
Introduction
Investigating investment dynamics in cybersecurity
SINGLE PERIOD MODEL
5 / 15
Introduction
Investigating investment dynamics in cybersecurity
MULTI-PERIOD MODEL
[Figure: cost of cyber security failure, S(Z, v)L, shown as a discontinuous function. Axis: Cost.]
6 / 15
Extending the GL model
The impact of Big Data Analytics on the GL model
Security Analytics: from bad signatures to bad actions
MINIMIZING COSTS
CONVENTIONAL CYBERSECURITY MEANS LIMITED SUCCESS
7 / 15
Extending the GL model
The impact of Big Data Analytics on the GL model
Security Analytics: from bad signatures to bad actions
BAD SIGNATURES BAD ACTIONS
8 / 15
Extending the GL model
The impact of Big Data Analytics on the GL model
From resilience to anticipation: the next generation of information technologies
Real time analytics
Early warnings
Dynamic detection
9 / 15
Extending the GL model
1st impact: Suggesting a multi-period model
10 / 15
Extending the GL model
2nd impact: Relaxing the assumption of continuity
[Figure: axes Cost and Investment. Labels: cost of cyber security failure, S(Z, v)L; cost of cyber security investment, Z; total cost, Z + S(Z, v)L; optimal cyber security investment; optimal amount of cyber security investment, Z*.]
11 / 15
Extending the GL model
2nd impact: Relaxing the assumption of continuity
12 / 15
Application to CIP
An urgent need for efficiency and effectiveness improvement
13 / 15
Concluding comments
Extending the GL model for radically innovative and disruptive technologies
[Figure: axis Cost. Labels: cost of cyber security failure, S(Z, v)L; cost of cyber security investment, Z; total cost, Z + S(Z, v)L; optimal amount of cyber security investment, Z*.]
14 / 15
Further research
A game theory experiment for collecting data
An econometric model for testing our hypothesis
15 / 15
Q&A and discussion