Title: Software security investment modelling for decision-support
Author: Heitzenrater, Chad D.
ISNI:       0000 0004 7430 5341
Awarding Body: University of Oxford
Current Institution: University of Oxford
Date of Award: 2017
Availability of Full Text:
Access from EThOS: Full text unavailable from EThOS.
Access from Institution:
Abstract: While it is widely agreed that contemporary computer security is insufficient to meet the challenges faced, the remedies for its failures are far less obvious. Vast resources have been placed into technical solutions to little effect, prompting some to employ the constructs of economics to frame the problem as one to be 'managed' rather than 'solved'. However, to date, economically inspired decision-support approaches have focused disproportionately on post-deployment security investment. With the preponderance of security issues stemming from vulnerabilities introduced during design and development, models that span the system development lifecycle are essential to address the root of many security issues efficiently. In addition, impacting system security at a fundamental level requires integration with existing security-development processes and standards. This dissertation presents an approach to secure software development derived from an economically inspired understanding of security. After demonstrating how existing security guidance can give rise to inefficient decisions, models for security investment are developed that incorporate investments made in software security during system inception and development relative to those made during deployment and operations. By employing these models, conditions are identified under which software security improves the return on (security) investment, and theoretical and empirical evidence is provided to support the adoption of software security. This is followed by an exploration of how economic considerations can drive existing secure software engineering processes, culminating in a case study that illustrates the application of these principles to an ongoing system development effort.
Supervisor: Simpson, Andrew Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available