Just yesterday I've get again to browse trough SANS reading room newly posted articles, it is monthly task (usually) for me. One title catch my attention, even get pang of envy :)
It is Modeling Security Investments With Monte Carlo Simulations remeber me on ongoing effort by my friend Biljana Petreska and her paper "Biljana R. Petreska, Tatjana D. Kolemisevska-Gugulovska: A fuzzy rate-of-return based model for portfolio selection and risk estimation. SMC 2010: 1871-1877".
We were often discussing how to adopt this model for presenting ROI for enterprise security investment, using SANS Critical Security Controls as technical inputs. Fuzzy modeling can probably better capture and predict but this is to try and prove, what is advantage is in presenting the security as portfolio of options ...
I was thinking of using my ancient tcl port of fuzzy tools but this is too old and there are better solution in python.
No comments:
Post a Comment