publication . Article . 2015

Selecting optimal subset of security controls

Yevseyeva, I.; Basto-Fernandes, V.; Michael, Emmerich, T. M.; Moorsel, van, A.;
Open Access English
  • Published: 15 Sep 2015 Journal: volume 64, pages 1,035-1,042, ISSN: 1877-0509
  • Publisher: Elsevier
Choosing an optimal investment in information security is an issue most companies face these days. Which security controls to buy to protect the IT system of a company in the best way? Selecting a subset of security controls among many available ones can be seen as a resource allocation problem that should take into account conflicting objectives and constraints of the problem. In particular, the security of the system should be improved without hindering productivity, under a limited budget for buying controls. In this work, we provide several possible formulations of security controls subset selection problem as a portfolio optimization,...
free text keywords: subset selection, security, multicriteria optimisation, portfolio optimization