Academic Journal

Intrusion Prevention in Information Systems: Reactive and Proactive Responses.

Bibliographic Details
Title: Intrusion Prevention in Information Systems: Reactive and Proactive Responses.
Authors: YUE, WEI T.1, ÇAKANYILDIRIM, METIN2
Source: Journal of Management Information Systems. Summer2007, Vol. 24 Issue 1, p329-353. 25p. 1 Diagram, 4 Charts, 11 Graphs.
Subject Terms: *INFORMATION resources management, *PRIVATE security services, *COMPUTER security, *COMPUTER systems, *BUSINESS enterprises, *PERSONAL information management, ELECTRONIC alarm systems, MILITARY strategy
Abstract: Intrusion prevention requires effective identification of and response to malicious events. In this paper, we model two important managerial decisions involved in the intrusion prevention process: the configuration of the detection component, and the response by the reaction component. The configuration decision affects the number of alarms the firm has to investigate. It is well known that the traditional intrusion detection system generates too many false alarms. The response decision determines whether alarms are going to be investigated or rejected outright. By jointly optimizing these two decision variables, a firm may apply different strategies in protecting its informational assets: slow but accurate, rapid but inaccurate, or a mixture of the two strategies. We use the optimal control approach to study the problem. Unlike previous literature, which studied the problem with a static model, in our model, the decision on balancing the desire to detect all malicious events with the opportunity costs required to do so is time dependent. Furthermore, we show how the choice of an optimal mixture of reactive and proactive responses depends on the values of cost parameters and investigation rate parameters. We find that in our model, a high damage cost does not immediately translate to a preference of proactive response, or a high false rejection cost does not translate to a preference of proactive response. The dynamics of the problem, such as how fast alarms accumulate and how fast they can be cleared, also affect the decisions. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Management Information Systems is the property of Taylor & Francis Ltd and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Business Source Index
Description
ISSN: 07421222
DOI:10.2753/MIS0742-1222240110