This book presents a compendium of selected game- and decision-theoretic
models to achieve and assess the security of critical infrastructures.
Given contemporary reports on security incidents of various kinds, we
can see a paradigm shift to attacks of an increasingly heterogeneous
nature, combining different techniques into what we know as an advanced
persistent threat. Security precautions must match these diverse threat
patterns in an equally diverse manner; in response, this book provides a
wealth of techniques for protection and mitigation.

Much traditional security research has a narrow focus on specific attack
scenarios or applications, and strives to make an attack "practically
impossible." A more recent approach to security views it as a scenario
in which the cost of an attack exceeds the potential reward. This does
not rule out the possibility of an attack but reduces its likelihood
to the lowest achievable level. The book follows this economic definition of
security, offering a management-science view that seeks a balance
between security investments and their resulting benefits. It focuses on
optimization of resources in light of threats such as terrorism and
advanced persistent threats.

Drawing on the authors' experience and inspired by real case studies,
the book provides a systematic approach to critical infrastructure
security and resilience. Presenting a mixture of theoretical work and
practical success stories, the book is chiefly intended for students and
practitioners seeking an introduction to game- and decision-theoretic
techniques for security. The required mathematical concepts are
self-contained, rigorously introduced, and illustrated by case studies.
The book also provides software tools that help guide readers in the
practical use of the scientific models and computational frameworks.