Selection of optimal countermeasure portfolio in IT security planning
Abstract:
This paper deals with the optimal selection of countermeasures in IT security planning to prevent or mitigate cyber-threats, and a mixed integer programming approach is proposed for the decision making. Given a set of potential threats and a set of available countermeasures, the decision maker needs to decide which countermeasures to implement under a limited budget to minimize potential losses from successful cyber-attacks and mitigate the impact of disruptions caused by IT security incidents. The selection of countermeasures is based on their effectiveness in blocking different threats, their implementation costs and the probability of potential attack scenarios. The problem is formulated as a single- or bi-objective mixed integer program, and a conditional value-at-risk approach combined with scenario-based analysis is applied to control the risk of high losses due to operational disruptions and to optimize worst-case performance of an IT system. The bi-objective trade-off model provides the decision maker with a simple tool for balancing expected and worst-case losses and for shaping the resulting cost distribution through the selection of an optimal subset of countermeasures for implementation, i.e., the selection of an optimal countermeasure portfolio. The selected portfolio explicitly depends on the preferred confidence level and the cost/risk preference of the decision maker. Numerical examples are presented and some computational results are reported to compare the risk-averse solutions that minimize conditional value-at-risk with the risk-neutral ones that minimize expected cost.
Keywords: Information security; Risk management; Countermeasure selection; Conditional value-at-risk; Mixed integer programming; Multi-criteria decision making
Author(s): .
Source: Decision Support Systems 55 (2013) 156–164
Subject: Information technology
Category: Journal article
Release Date: 2013
No of Pages: 9
Price(Tomans): 0
In accordance with the terms and conditions for submitting articles to the Modir website, this item was submitted by one of its authors. If you notice any violation, please complete the authors' rights violation report form so that it can be followed up.