Abstract

In this paper we present a qualitative approach for the selection of security countermeasures able to protect an IT system from attacks. For this purpose, we model security scenarios by using defense trees (an extension of attack trees) and preferences over countermeasure using Conditional Preference networks (CP-nets for short). In particular, we introduce two different methods for the composition of preferences: the and-composition and the or-composition. The first one is used to determine a preference order in the selection of countermeasures able to mitigate the risks produced by conjunct attacks. The second one is used to determine a preference order over sets of countermeasures able to mitigate the risks produced by alternative attacks.