When being hot is not cool: Monitoring hot lists for information security

Information Systems Research

Volumn 27, Issue 4, 2016, Pages 897-918

  Ji, Yonghua ^a   Kumar, Subodha ^b   Mookerjee, Vijay ^c  

^a UNIVERSITY OF ALBERTA   (Canada)

^b TEXAS A AND M UNIVERSITY   (United States)

^c UNIVERSITY OF TEXAS AT DALLAS   (United States)

Author keywords

IT security; Monitoring and profiling; Optimization; Outsourcing

Indexed keywords

COSTS; ECONOMIC AND SOCIAL EFFECTS; OPTIMIZATION; OUTSOURCING; PROBABILITY DENSITY FUNCTION; PROBLEM SOLVING; SECURITY OF DATA;

ADDITIONAL KNOWLEDGE; IT SECURITY; OPERATIONAL OVERHEADS; OPTIMAL SOLUTIONS; PENALTY COEFFICIENT; PROBABILITY DENSITIES; SECURITY MONITORING; TWO DIMENSIONAL OPTIMIZATIONS;

MONITORING;

EID: 85010423780     PISSN: 10477047     EISSN: 15265536     Source Type: Journal    
DOI: 10.1287/isre.2016.0677     Document Type: Article

References (79)

1. August T, Tunca TI (2011) Who should be responsible for software security? A comparative analysis of liability policies in network environments. Management Sci. 57(5):934-959
2. August T, Niculescu MF, Shin H (2014) Cloud implications on software network structure and security risks. Inform. Systems Res. 25(3):499-510
3. Axelsson S (2000) Intrusion detection systems: A taxonomy and survey. Technical Report 99-15 Department of Computer Engineering, Chalmers University of Technology, Gothenburg, Sweden
4. Baayer J, Regragui B, Baayer A (2014) False positive responses optimization for intrusion detection system. J. Inform. Security 5(2):19-36
5. Bai X, Gopal R, Nunez M, Zhdanov D (2014) A decision methodology for managing operational efficiency and information disclosure risk in healthcare processes. Decision Support Systems 57(1):406-416
6. Bejtlich R (2004) The Tao of Network Security Monitoring: Beyond Intrusion Detection (Addison-Wesley Professional, Boston)
7. Brown JD (2012) To outsource or not outsource: That is the network security question. StillSecure White Paper. http://www .hostway.com/managed-security/media/StillSecure%20Insource:vs_Outsource:whitepaper.pdf
8. Bucklin R, Sismeiro C (2003) A model ofWeb site browsing behavior estimated on clickstream data. J. Marketing Res. 40(3):249-267
9. Cavusoglu H, Cavusoglu H, Raghunathan S (2004a) Economics of IT security management: Four improvements to current security practices. Comm. Assoc. Inform. Systems 14(3):65-75
10. Cavusoglu H, Koh B, Raghunathan S (2010) An analysis of the impact of passenger profiling for transportation security. Oper. Res. 158(5):1287-1302
11. Cavusoglu H, Mishra B, Raghunathan S (2004b) A model for evaluating IT security investments. Comm. ACM 47(7):87-92
12. Cavusoglu H, Mishra B, Raghunathan S (2005) The value of intrusion detection systems in information technology security architecture. Inform. Systems Res. 16(1):28-46
13. Cavusoglu H, Raghunathan S, Cavusoglu H (2009) Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Inform. Systems Res. 20(2):198-217
14. Cavusoglu H, Raghunathan S, Yue WT (2008) Decision-theoretic and game-theoretic approaches to IT security investment. J. Management Inform. Systems 25(2):281-304
15. Cezar A, Cavusoglu H, Raghunathan S (2014) Outsourcing information security: Contracting issues and security implications. Management Sci. 60(3):638-657
16. Cisco (2015) Cisco security monitoring, analysis, and response system 4.3.1 and 5.3.1. http://goo.gl/7xfIVO
17. Datta A, Dutta K, Thomas H, VanderMeet D (2003)World wide wait: A study of Internet scalability and cache-based approaches to alleviate it. Management Sci. 49(10):1425-1444
18. Dell (2015) Going the MSSP route. http://www.secureworks.com/assets/pdf-store/articles/going_the_mssp_route_-_tco_issues .pdf
19. Ding W, Yurcik W (2005) Outsourcing Internet security: The effect of transaction costs on managed service providers. Gavish B, ed. Internat. Conf. Telecomm. Systems, Modeling, Anal. (Institute for Information Infrastructure Protection, Washington, DC), 947-958
20. Ding W, Yurcik W (2006) Economics of Internet security outsourcing: Simulation results based on the Schneier model. Workshop Econom. Securing Inform. Infrastructure 4WESII5 (American Telecommunications Systems Management Association, Dallas), 23-23
21. F5 Networks (2013) Configuration guide for BIG-IP application security manager. Seattle, https://goo.gl/L9s7HZ
22. F5 Networks (2015) BIG-IP application security manager online manual. Seattle, https://support.f5.com/kb/en-us/products/big-ip_asm.html
23. Fang X, Sheng LOR, Gao W, Iyer B (2006) A data-mining-based prefetching approach to caching for network storage systems. INFORMS J. Comput. 18(2):267-282
24. Fisher W, Meier-Hellstern K (1993) The Markov-modulated Poisson process (MMPP) cookbook. Performance Evaluation 18(2): 149-171
25. Fitzparick V (2008) Intrusion detection and prevention in-sourced or out-sourced. SANS Inst. InfoSec Reading Room, http://www.sans .org/reading-room/whitepapers/intrusion/intrusion-detection-prevention-in-sourced-out-sourced-32854
26. Garfinkel R, Gopal R, Thompson S (2007) Releasing individually identifiable microdata with privacy protection against stochastic threat: An application to health information. Inform. Systems Res. 18(1):23-41
27. Gartner (2014) Gartner says worldwide information security spending will grow almost 8 percent in 2014 as organizations become more threat-aware. http://www.gartner.com/newsroom/id/2828722
28. Goodall JR, Lutters WG, Komlodi A (2004) I know my network: Collaboration and expertise in intrusion detection. Herbsleb J, Olson G, eds. Proc. 2004 ACM Conf. Comput. Supported Cooperative Work (ACM, New York), 342-345
29. Goodall JR, Lutters WG, Komlodi A (2009) Developing expertise for network intrusion detection. Inform. Tech. People 22(2):92-108
30. Gupta A, Zhdanov D (2012) Growth and sustainability of managed security services networks: An economic perspective. MIS Quart. 36(4):1109-1130
31. Heindl A (2003) Decomposition of general queueing networks with MMPP inputs and customer losses. Performance Evaluation 51(2-4):117-136
32. Hewlett-Packard (2013) Security operations-Building a successful SOC. http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA4-6169ENW.pdf
33. Himberger KD, Jeffries CD, McMillen DM, Ziraldo JA (2006) System, method, and program product for managing an intrusion detection system. US Patent US7084760 B2
34. Hosanagar K, Tan Y (2011) Cooperative cashing? An economic analysis of document duplication in cooperative Web caching. Inform. Systems Res. 23(2):356-375
35. Hui KL, Hui W, Yue WT (2012) Information security outsourcing with system interdependency and mandatory security requirement. J. Management Inform. Systems 29(3):117-156
36. IBM (2015) IBM managed security services for security event and log management. http://www-935.ibm.com/services/us/igs/pdf-iss-contracts/ireland-7808-00.pdf
37. Jonsson E, Olovsson T (1997) A quantitative model of the security intrusion process based on attacker behavior. IEEE Trans. Software Engrg. 23(4):235-245
38. Kaplan J (2003) Outsourcing trends-A matter of perspective? Bus. Comm. Rev. 33(8):46-50
39. Kavanagh K, Pescatore J (2009) Magic quadrant for MSSPs, North America. Gartner RAS Core Res. Note G00166138. http://www.tatacommunications.com/downloads/enterprise/Tata_Communications_3053.pdf
40. Kaya C, Zhang G, Tan Y, Mookerjee V (2009) An admission-control technique for delay reduction in proxy caching. Decision Support Systems 46(2):594-603
41. Kelly T, Reeves R (2001) Optimal Web cache sizing: Scalable methods for exact solutions. Comput. Comm. 24(2):163-173
42. Kerr D (2013) Bots now running the Internet with 61 percent of Web traffic. CNET (December 12). http://www.cnet.com/news/bots-now-running-the-internet-with-61-percent-of-web-traffic/
43. Kim E (2015) Companies are freaked out about cybersecurity and plan to spend a lot more on it this year. Bus. Insider (January 6) https://goo.gl/XOMTKz
44. Kubota M (2005) Intrusion detection and prevention system. US Patent US7757285 B2
45. Kumar S, Spafford E (1996) A pattern matching model for misuse intrusion detection. Working paper, Purdue University, West Lafayette, IN
46. Lacity MC, Khan SA, Willcocks LP (2009) A review of the IT outsourcing literature: Insights for practice. J. Strategic Inform. Systems 18(3):130-146
47. Law A (2014) Simulation Modeling and Analysis, 3rd ed. (McGraw-Hill, Boston)
48. Lord N (2015) How to hire and evaluate managed security service providers (MSSPs). Digital Guardian, https://goo.gl/UWYdS2
49. McLay L, Jacobson S, Kobza J (2006) A multilevel passenger screening problem for aviation security. Naval Res. Logist. 53(3): 183-197
50. McLay L, Jacobson S, Kobza J (2008) The trade-off between technology and prescreening intelligence in checked baggage screening for aviation security. J. Transportation Security 1(2):107-126
51. Mitchell R, Chen I (2014) A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surveys 46(4): Article 55
52. Moitra S, Konda S (2000) A simulation model for managing survivability of networked information systems. Technical Report, Carnegie Mellon Software Engineering Institute, Carnegie Mellon University, Pittsburgh
53. Monrose F, Rubin A (1997) Authentication via keystroke dynamics. 4th ACM Conf. Comput. Comm. Security (ACM, New York), 48-56
54. Mookerjee V, Tan Y (2002) Analysis of a least recently used cache management policy for Web browsers. Oper. Res. 50(2):345-357
55. Neumann P, Porras P (1999) Experience with Emerald to date. Ranum M, ed. Proc. 1st USENIX Workshop Intrusion Detection Network Monitoring (USENIX, Berkeley, CA), 73-80
56. Ogut H, Cavusoglu H, Raghunathan S (2008) Intrusion-detection policies for IT security breaches. INFORMS J. Comput. 20(1): 112-123
57. Peng T, Leckie C, Ramamohanarao K (2007) Survey of networkbased defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surveys 39(1):Article 3
58. Pietro RD, Mancini LV (2008) Intrusion Detection Systems (Springer, New York)
59. Podlipnig S, Bszrmenyi L (2003) A survey ofWeb cache replacement strategies. ACM Comput. Surveys 35(4):374-398
60. Ransbotham S, Mitra S (2009) Choice and chance: A conceptual model of paths to information security compromise. Inform. Systems Res. 20(1):121-139
61. Sandhu UA, Haider S, Naseer S, Ateeb OU (2011) A survey of intrusion detection and prevention techniques. Internat. Conf. Inform. Comm. Management (IACSIT Press, Singapore), 66-71
62. Santor MSS (2015) NetworkSentry: Efficient network surveillance from Sentor. https://www.sentormss.com/managed-security-services/networksentry-network-surveillance/
63. Scarfone K, Mell P (2007) Guide to intrusion detection and prevention systems (IDPS). Technical Report, National Institute of Standards and Technology, Gaithersburg, MD
64. Schneier B (2002) The case for outsourcing security. IEEE Comput. 35(4):20-26
65. Schneier B (2007) Managed security monitoring: Network security for the 21st century. Report, British Telecommunications, London. http://www2.computable.nl/downloads/Counterpane_WP5.pdf
66. Smith B (2015) Thinking about security monitoring and event correlation. http://www.secureworks.com/resources/articles/other_articles/correlation/
67. Sommestad T, Hunstad A (2013) Intrusion detection and the role of the system administrator. Inform. Management Comput. Security 21(1):30-40
68. Statista (2015) Monthly unique visitors to U.S. retail websites in 3rd quarter 2014. http://www.statista.com/statistics/271450/monthly-unique-visitors-to-us-retail-websites/
69. The White House (2015) Remarks by the President at the cybersecurity and consumer protection summit. http://www.white house.gov/the-press-office/2015/02/13/remarks-president-cybersecurity-and-consumer-protection-summit
70. Ulvila JW, Gaffney JE (2004) A decision analysis method for evaluating computer intrusion detection systems. Decision Anal. 1(1):35-50
71. Verizon (2012) Managed security services-Premises premiumC. https://goo.gl/H1CXdl
72. Virta J, Jacobson S, Kobza J (2003) Analyzing the cost of screening selectee and non-selectee baggage. Risk Anal. 23(5):897-908
73. Werlinger R, Hawkey K, Muldner K (2008) The challenges of using an intrusion detection system: Is it worth the effort? Proc. 4th Sympos. Usable Privacy Security (ACM, New York), 107-118
74. Werlinger R, Muldner K, Hawkey K, Beznosov K (2009) Towards understanding diagnostic work during the detection and investigation of security incidents. Furnell S, Clarke N, eds. Proc. Third Internat. Sympos. Human Aspects Inform. Security Assurance (University of Plymouth, Plymouth, UK), 119-134
75. Werlinger R, Muldner K, Hawkey K, Beznosov K (2010) Preparation, detection, and analysis: The diagnostic work of IT security incident response. Inform. Management Comput. Security 18(1):26-42
76. Whang S (1992) Contracting for software development. Management Sci. 38(3):307-324
77. Zamboni D, Spafford E (1999) New directions for the AAPHID architecture. Spafford G, ed. Workshop Recent Adv. Intrusion Detection (Purdue University, West Lafayette, IN)
78. Zhao X, Whinston A (2013) Managing interdependent information security risks: Cyberinsurance, managed security services, and risk pooling arrangements. J. Management Inform. Systems 30(1):123-152
79. Zwillinger D (2011) CRC Standard Mathematical Tables and Formulae, 32nd ed. (CRC Press, Boca Raton, FL)