Risk-neutral evaluation of information security investment on data centers

摘要

Based on given data center network topology and risk-neutral management, this work proposes a simple but efficient probability-based model to calculate the probability of insecurity of each protected resource and the optimal investment on each security protection device when a data center is under security breach. We present two algorithms that calculate the probability of threat and the optimal investment for data center security respectively. Based on the insecurity flow model (Moskowitz and Kang 1997) of analyzing security violations, we first model data center topology using two basic components, namely resources and filters, where resources represent the protected resources and filters represent the security protection devices. Four basic patterns are then identified as the building blocks for the first algorithm, called Accumulative Probability of Insecurity, to calculate the accumulative probability of realized threat (insecurity) on each resource. To calculate the optimal security investment, a risk-neutral based algorithm, called Optimal Security Investment, which maximizes the total expected net benefit is then proposed. Numerical simulations show that the proposed approach coincides with Gordon’s (Gordon and Loeb, ACM Transactions on Information and Systems Security 5(4):438–457, 2002) single-system analytical model. In addition, numerical results on two common data center topologies are analyzed and compared to demonstrate the effectiveness of the proposed approach. The technique proposed here can be used to facilitate the analysis and design of more secured data centers.