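% Conference paper proposing a risk-based model for cybersecurity decision-making,
% demonstrated on protecting an SQL server from SQL injection.
% The citation key is kept exactly as found so existing \cite commands still resolve.
% The proceedings title is carried by booktitle only; repeating it in series makes
% styles that print both fields show it twice.
% NOTE(review): address holds a country rather than the publisher's city -- confirm
% against the publisher record before relying on it in a style that prints address.
@inproceedings{3ced12fa2ac24b9e9a67cea413a87904,
  author    = {Henshel, Diane and Alexeev, Alexander and Cains, Mariana and Rowe, Jeff and Cam, Hasan and Hoffman, Blaine and Neamtiu, Iulian},
  title     = {Modeling cybersecurity risks: Proof of concept of a holistic approach for integrated risk quantification},
  booktitle = {2016 {IEEE} Symposium on Technologies for Homeland Security, {HST} 2016},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  address   = {United States},
  year      = {2016},
  month     = sep,
  day       = {14},
  doi       = {10.1109/THS.2016.7568937},
  keywords  = {SQL injection, cybersecurity, dynamic risk, risk assessment, risk calculation},
  abstract  = {Decision-making in cyber-security is mostly ad-hoc and highly reliant on static policies, as well as human intervention. This does not fit current networks/systems, as they are highly dynamic systems where security assessments have to be performed, and decisions have to be made, automatically and in real-time. To address this problem, we propose a risk-based approach to cybersecurity decision-making. In our model, the system undergoes a continuous security risk assessment based on risk; decisions for each action are taken based on constructing a sequence of alternative actions and weighing the cost-benefit trade-offs for each alternative. We demonstrate the utility of our system on a concrete example involving protecting an SQL server from SQL injection attacks. We also discuss the challenges associated with implementing our model.},
  language  = {English (US)},
  note      = {Publisher Copyright: {\textcopyright} 2016 IEEE.; 2016 IEEE Symposium on Technologies for Homeland Security, HST 2016 ; Conference date: 10-05-2016 Through 11-05-2016},
}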