| 摘要 |
A method of selecting security actions is provided. The method comprises estimating a maximum forecast loss, identifying general, sector specific, and targeted threats. The method further comprises forecasting a security loss based on the estimated maximum forecast loss and the threats, estimating a reduction in the security loss based on a first investment on a general threat countermeasure, on a second investment on a sector specific countermeasure, and on a third investment on a targeted threat countermeasure. The method further comprises allocating at least a portion of a security investment budget among the first, the second, and the third investments to maximize the estimated reduction in security loss. An aspect disclosed comprises a method that determines rates of return on security investment and selects security investments based on the rates of return. An aspect disclosed comprises a system for forecasting a security loss based on a security investment.
|
