Date Added: Aug 2012
Security assessments are an integral part of organizations' strategies for protecting their digital assets and critical IT infrastructure. In this paper, the authors propose a game-theoretic modeling of a particular form of security assessment - one which addresses the question "Are the people compromised?". They do so by extending the recently proposed game "FlipIt", which itself can be used to model the interaction between defenders and attackers under the Advanced Persistent Threat (APT) scenario. Their extension gives players the option to "Test" the state of the game before making a move. This allows one to study the scenario in which organizations have the option to perform periodic security assessments of such nature, and the benefits they may bring.