Comparing Vulnerability Severity and Exploits Using Case-Control Studies

Luca Allodi and Fabio Massacci
ACM Transactions on Information and System Security, Vol. 17, No. 1, Article 1, Publication date: August 2014. TISSEC Paper 2014

Resilience in Information Stewardship

Christos Ioannidis
David Pym
Julian Williams
Iffat Gheyas
13th Annual Workshop on the Economics of Information Society (WEIS), Pennsylvania State University, June 23-24 2014

Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition of public economics, a model of stewardship which addresses directly the question of resilience.

Bayesian Analysis of Stochastic Process Models

Ríos Insua, D.
Ruggeri, F.
Wiper, M.
Wiley Series in Probability and Statistics, 2012

Issues in Adversarial Risk Analysis

David Banks
David Ríos Insua
Jesús Ríos
Decision Analysis Today, vol 31, n.3, pp 33-37, December 2012

For decades, game theory and other group decision-making paradigms have been considered of little use in practical risk management problems.

A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity

Aitor Couce Vieira
Siv Hilde Houmb
David Ríos Insua
GraMSec, 2014

Oil and gas drilling is based, increasingly, on operational technology, whose cybersecurity is complicated by several challenges. We propose a graphical model for cybersecurity risk assessment based on Adversarial Risk Analysis to face those challenges. We also provide an example of the model in the context of an offshore drilling rig. The proposed model provides a more formal and comprehensive analysis of risks, still using the standard business language based on decisions, risks, and value.

Security Economics: A Multiobjective Adversarial Risk Analysis Approach to Airport Protection

Javier Cano
David Ríos Insua
Alessandra Tedeschi
Ugur Turhan
Annals of Operations Research, Springer, 2014

We analyze the case of protecting an airport, in which there is concern with terrorist threats against the Air Traffic Control (ATC) Tower. To deter terrorist actions, airport authorities rely on various protective measures. They have considerable costs, but by deploying them, airport authorities expect to minimize the risks of terrorist actions. We aim at giving advice to the airport authorities by devising a security resource allocation plan. We use the framework of adversarial risk analysis to deal with the problem.