Cybersecurity planning is challenging for digitized companies that want adequate protection without overspending. Currently, a lack of investment and perverse economic incentives are the root causes of cyberattacks, which result in several economic impacts on companies worldwide. Therefore, cybersecurity planning has to consider both technical and economic dimensions to help companies achieve a better cybersecurity strategy. This article introduces SECAdvisor, a tool to support cybersecurity planning using economic models. SECAdvisor allows users to (a) understand the risks and valuation of different businesses' information, (b) calculate the optimal investment in cybersecurity for a company, (c) receive a recommendation of protections based on the available budget and demands, and (d) compare protection solutions in terms of cost-efficiency. Furthermore, evaluations of usability and real-world training activities performed using SECAdvisor are discussed.