Cost effective management frameworks for intrusion detection systems

Journal of Computer Security

Volumn 12, Issue 5, 2004, Pages 777-798

  Iheagwara, Charles ^a   Blyth, Andrew ^b   Singhal, Mukesh ^c  

^a Una Telecom Inc   (United States)

^b UNIVERSITY OF GLAMORGAN   (United Kingdom)

^c UNIVERSITY OF KENTUCKY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COST EFFECTIVENESS; DECISION MAKING; INDUSTRIAL MANAGEMENT; INFORMATION TECHNOLOGY; PROBLEM SOLVING; STRATEGIC PLANNING;

BUSINESS COMMUNITY; FINANCIAL BENEFITS; INTRUSION DETECTION SYSTEMS; TECHNICAL SECURITY;

SECURITY OF DATA;

EID: 27844527031     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2004-12506     Document Type: Article

References (20)

1. K. Richards, Network based intrusion detection: a review of technologies, Computers & Security 18 (1999), 671-682.
2. C. Iheagwara et al., Evaluation of the performance of IDS systems in a switched and distributed environment, Computer Networks 39 (2002), 93-112.
3. C. Iheagwara et al., A comparative experimental evaluation study of intrusion detection system performance in a gigabit environment, Journal of Computer Security 11(1) (2003).
4. W. Lee et al., Toward Cost-Sensitive Modeling for Intrusion Detection and Response, North Carolina State University, 1999.
5. S. Stolfo et al., Cost-Based Modeling for Fraud and Intrusion Detection Results from the JAM Project, Technical Report, Columbia University.
6. S.A. Butler, Security attribute evaluation method: A cost-benefit approach, in: Proceedings of the International Conference on Software Engineering, Orlando, FL, 2002.
7. H. Wei et al., Cost benefit analysis for network intrusion detection systems, in: Proceedings of the CSI 28th Annual Computer Security Conference, Washington, DC, October 2001.
8. C. Irvine et al., Toward a taxonomy and costing method for security metrics, in: Proceedings of the Annual Computer Security Applications Conference, Phoenix, AZ, 1999.
9. Cohen et al., A preliminary classification scheme for information system threats, attacks, and defenses; a cause and effect model; and some analysis based on that model, Sandia National Laboratories, September, 1998.
10. Federal Information Processing Standards, Guideline for the Analysis of Local Area Network Security. National Institute of Standards and Technology, FIPS PUB 191, November 1994; http://www.itl.nist.gov/fipspubs/fip191.htm.
11. R. Clarke, Computer matching by government agencies: The failure of cost/benefit analysis as a control mechanism, Information Infrastructure and Policy 4, 1 (March) (1995); http://www.anu.edu.au/people/Roger.Clarke/DV/ MatchCBA.html.
12. NIH's Cost-Benefit Analysis Guide for NIH IT Projects. Available at: http://wwwoirm.nih.gov/itmra/cbaguide.doc.
13. A. Beattie et al., Timing the application of security patches for optimal uptime, in: Proceedings of LISA'02: Sixteenth Systems Administration Conference, USENIX Association, 2002.
14. R.D. Silverman, A cost-based security analysis of symmetric and asymmetric key lengths, RSA Laboratories Bulletin 13 (April) (2000).
15. L. Gordon et al., Return on information security investments: Myths vs. realities. Strategic Finance Magazine (Nov.) (2002); http://www. strategicfinancemag.com/2002/11i.htm.
16. T. Kevin et al., CTM, Technical Report, Netsolve, Inc., Austin, USA, 2002.
17. C. Iheagwara, The effect of intrusion detection management methods on the return on investment, Computers & Security Journal (October) (2003) (accepted).
18. H. Debar et al., Towards a taxonomy of intrusion-detection systems. Computer Networks 31 (1999).
19. http://www.silicondefense.com/software/acbm/speed_of_snort_03_16_2001. pdf.
20. http://www.nss.co.uk/Articles/IntrusionDetection.htm.