Journal name: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Year of publication: 2011
Volume: 11
Issue: 10
Pages: 108-119
Publisher: International Journal of Computer Science and Network Security
Abstract: Security management, security risk management and security service evaluation involve deciding on a security strategy and an appropriate set of security solutions to align with the strategy. However, as there are limited budget, time and resources available to identify, select, employ, monitor, review and maintain the set of security solutions, multiple perspectives must be taken into consideration in the decision-making process. One important factor in constructing an effective security solution decision is to make the decision dynamic. The nature of security risk changes day by day. As time passes, old risks may go away and new risks may arise. So it is necessary to make the security decision in such a way that it can keep pace with the frequently changing security risks. The security solution decision must satisfy the demands of changing circumstances due to changes in time and changes in technologies, so that the decision maker can maintain an acceptable risk level and demolish the undesirable effect of uncertainty by providing improved risk assessment and management activities. Real Option Analysis (ROA) can be seen as a promising alternative to offer an effective and dynamic security solution decision-making process. It offers possibilities to improve decision making in security solution decisions. This paper investigates how ROA could be used to assist in security solution decisions by integrating ROA with the Security Decision Making Process (SDMP), which helps any organization to achieve a better business continuity plan. Later the framework is tested through a simulation example. Real option thinking has been applied to several software design and engineering concepts, such as eXtreme Programming (XP), COTS-based development, project investment analysis, decision making in software prototyping and strategic software reuse. Compared with the software engineering issues, planning a security solution decision through ROA includes more uncertainties.
Keywords: Real option; Real option analysis; Security solution decision; Uncertainty