publication . Article . 2015

Selecting optimal subset of security controls

Yevseyeva, I.; Basto-Fernandes, V.; Michael, Emmerich, T. M.; Moorsel, van, A.;
Open Access English
  • Published: 15 Sep 2015 Journal: volume 64, pages 1,035-1,042, ISSN: 1877-0509
  • Publisher: Elsevier
Abstract
Choosing an optimal investment in information security is an issue most companies face these days. Which security controls to buy to protect the IT system of a company in the best way? Selecting a subset of security controls among many available ones can be seen as a resource allocation problem that should take into account conflicting objectives and constraints of the problem. In particular, the security of the system should be improved without hindering productivity, under a limited budget for buying controls. In this work, we provide several possible formulations of security controls subset selection problem as a portfolio optimization,...
Subjects
free text keywords: subset selection, security, multicriteria optimisation, portfolio optimization