Applying the Cybersecurity Game to a Point-of-Sale System

  • Conference paper
  • In: Disciplinary Convergence in Systems Engineering Research

Abstract

The objective of this chapter is to describe the application of the cybersecurity game (CSG) to a point-of-sale (PoS) system and the knowledge gained from that exercise. PoS systems collectively process over 195 billion electronic transactions per year with a volume of over US $28.8 trillion. In 2014, 79,790 reported cybersecurity incidents affected PoS systems. There is a pressing need to understand the cost-benefit of cybersecurity risk reduction investments, since those investments compete for limited resources. CSG was applied to a PoS system to address this need. CSG is a methodology and software tool that models the cyber risk of information and communication technology (ICT) systems. It produces security portfolios that are Pareto optimal with respect to quantitative cyber risk and investment cost, that is, for any given investment level it identifies the set of defensive methods that best reduces cyber risk. The nominal risk score with no defensive methods employed is 8,492,934. The greatest risk reduction is achieved by deploying all of the tools at a cost of ~250,000; however, 89% of that risk reduction is achieved by spending only ~16% of the cost. Two defensive methods were found to provide the major reductions in risk. The first is to segment the network between the PoS systems and the remainder of the merchant's ICT system. The second is to encrypt information throughout the merchant's ICT system.
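The abstract describes CSG's output as a Pareto frontier of defense portfolios over (investment cost, residual risk), from which the "most risk reduction per unit cost" knee can be read off. The following is an added illustration of that idea, not the chapter's tool or its data: it enumerates every subset of a small, constructed catalogue of PoS defenses, scores each subset with an assumed multiplicative risk model (each defense scales the likelihood of the attack scenarios it covers by a residual factor; risk is the sum of likelihood × impact), and extracts the non-dominated portfolios. Scenario names, costs, likelihoods, impacts and residual factors are all invented for the example and are not the figures from the chapter.

```python
"""Pareto-optimal defense portfolios over cost vs. residual risk.

Added example with constructed data; the risk model and all numbers are
assumptions for illustration, not the CSG model or the chapter's results.
"""
from itertools import combinations
from typing import Dict, FrozenSet, Iterator, List, Optional, Tuple

# Constructed attack scenarios against a merchant PoS environment:
# scenario -> (annual likelihood, impact in arbitrary currency units)
SCENARIOS: Dict[str, Tuple[float, float]] = {
    "ram_scraper_on_pos":     (0.30, 5_000_000),
    "lateral_move_from_corp": (0.25, 4_000_000),
    "sniff_cardholder_data":  (0.20, 3_000_000),
    "phish_admin":            (0.40, 1_000_000),
}

# Constructed defense catalogue:
# defense -> (one-off cost, {scenario: residual likelihood multiplier})
DEFENSES: Dict[str, Tuple[float, Dict[str, float]]] = {
    "network_segmentation":    (20_000,  {"lateral_move_from_corp": 0.10, "ram_scraper_on_pos": 0.50}),
    "end_to_end_encryption":   (25_000,  {"sniff_cardholder_data": 0.05, "ram_scraper_on_pos": 0.60}),
    "application_whitelisting": (60_000, {"ram_scraper_on_pos": 0.30}),
    "security_awareness":      (10_000,  {"phish_admin": 0.60}),
    "siem_monitoring":         (150_000, {"lateral_move_from_corp": 0.70, "ram_scraper_on_pos": 0.80,
                                          "phish_admin": 0.80}),
}

Portfolio = FrozenSet[str]
FrontierPoint = Tuple[float, float, Portfolio]  # (cost, residual risk, portfolio)


def residual_risk(portfolio: Portfolio) -> float:
    """Sum of likelihood x impact after applying every chosen defense's multipliers."""
    total = 0.0
    for scenario, (likelihood, impact) in SCENARIOS.items():
        q = likelihood
        for defense in portfolio:
            q *= DEFENSES[defense][1].get(scenario, 1.0)  # 1.0 = defense does not cover scenario
        total += q * impact
    return total


def portfolio_cost(portfolio: Portfolio) -> float:
    return float(sum(DEFENSES[d][0] for d in portfolio))


def all_portfolios() -> Iterator[Portfolio]:
    """Every subset of the catalogue, including the empty (nominal) portfolio."""
    names = sorted(DEFENSES)
    for k in range(len(names) + 1):
        for combo in combinations(names, k):
            yield frozenset(combo)


def pareto_frontier() -> List[FrontierPoint]:
    """Portfolios not dominated on (cost, risk), cheapest first.

    Sorting by (cost, risk) and keeping only points that strictly beat the best
    risk seen so far yields exactly the non-dominated set for two minimised objectives.
    """
    points = sorted((portfolio_cost(p), residual_risk(p), p) for p in all_portfolios())
    frontier: List[FrontierPoint] = []
    best_risk = float("inf")
    for cost, risk, p in points:
        if risk < best_risk:
            frontier.append((cost, risk, p))
            best_risk = risk
    return frontier


def cheapest_for_fraction(frontier: List[FrontierPoint], fraction: float) -> Optional[FrontierPoint]:
    """Cheapest frontier point achieving at least `fraction` of the maximum possible risk reduction."""
    nominal, full = frontier[0][1], frontier[-1][1]
    target = nominal - fraction * (nominal - full)
    for point in frontier:
        if point[1] <= target:
            return point
    return None


def reduction_fraction(frontier: List[FrontierPoint], point: FrontierPoint) -> float:
    """Share of the maximum achievable risk reduction delivered by `point`."""
    nominal, full = frontier[0][1], frontier[-1][1]
    return (nominal - point[1]) / (nominal - full)


if __name__ == "__main__":
    frontier = pareto_frontier()
    for cost, risk, p in frontier:
        print(f"cost={cost:>9,.0f}  risk={risk:>12,.0f}  {sorted(p)}")
    knee = cheapest_for_fraction(frontier, 0.80)
    if knee is not None:
        print(f"\n>=80% of achievable reduction for {knee[0] / frontier[-1][0]:.0%} of full cost: {sorted(knee[2])}")
```

Reading the printed frontier the way the chapter reads CSG's output: the empty portfolio is the nominal risk, the full catalogue is the floor, and `cheapest_for_fraction` reports how far down the cost axis one must go to capture a chosen share of the achievable reduction. With five defenses the exhaustive 2^5 enumeration is instant; a real catalogue needs a search or optimisation step in place of `all_portfolios`, but the dominance filter in `pareto_frontier` is unchanged.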



Disclaimer

The authors’ affiliation with The MITRE Corporation is provided for identification purposes only and is not intended to convey or imply MITRE’s concurrence with, or support for, the positions, opinions, or viewpoints expressed by the authors. 16-3460

Author information
Corresponding author

Correspondence to Andrew J. Turner .

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Turner, A.J., Musman, S. (2018). Applying the Cybersecurity Game to a Point-of-Sale System. In: Madni, A., Boehm, B., Ghanem, R., Erwin, D., Wheaton, M. (eds) Disciplinary Convergence in Systems Engineering Research. Springer, Cham. https://doi.org/10.1007/978-3-319-62217-0_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-62217-0_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-62216-3

  • Online ISBN: 978-3-319-62217-0

  • eBook Packages: Engineering (R0)
