Decision support for selecting information security controls. (15th May 2018)
- Record Type:
- Journal Article
- Title:
- Decision support for selecting information security controls. (15th May 2018)
- Main Title:
- Decision support for selecting information security controls
- Authors:
- Almeida, Luís
Respício, Ana
- Abstract:
- With the emergence of the Internet, the volume of cyberattacks has been progressively growing and, therefore, adequate security of information has a crucial role in IT systems. Organisations face complex decisions regarding the selection of security controls that allow them to protect their information assets. The implementation of these controls should ensure an adequate level of protection. However, their selection requires knowledge about the vulnerabilities and threats existing in the organisation, and the investment in security must comply with economic constraints. This work proposes a framework to support an organisation in identifying security vulnerabilities and optimising a portfolio of security controls to mitigate them. Those security controls may be of a mixed nature, such as hardware controls, software controls, policies, procedures and training actions. The framework is established using the standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013 to support the identification of vulnerabilities/threats and the choice of controls that can mitigate them. Once the existing vulnerabilities/threats are identified, one has to select the subset of controls to implement, assuring adequate mitigation at the lowest cost. An integer programming model is used to address this optimisation problem within the framework, which has been implemented as a prototype decision support tool.
- Is Part Of:
- Journal of decision systems. Volume 27 (2018), Supplement 1
- Journal:
- Journal of decision systems
- Issue:
- Volume 27 (2018), Supplement 1
- Issue Display:
- Volume 27, Issue 1 (2018)
- Year:
- 2018
- Volume:
- 27
- Issue:
- 1
- Issue Sort Value:
- 2018-0027-0001-0000
- Page Start:
- 173
- Page End:
- 180
- Publication Date:
- 2018-05-15
- Subjects:
- Information security -- decision support -- vulnerabilities -- security controls -- optimisation of security portfolio
Decision support systems -- Periodicals
Management information systems -- Periodicals
Information resources management -- Periodicals
Information storage and retrieval systems -- Periodicals
Management -- Communication systems -- Periodicals
Decision support systems
Information resources management
Information storage and retrieval systems
Management -- Communication systems
Management information systems
Periodicals
658.40305
- Journal URLs:
- http://ejournals.ebsco.com/direct.asp?JournalID=711728
http://www.tandfonline.com/loi/tjds20
http://www.tandfonline.com/
- DOI:
- 10.1080/12460125.2018.1468177
- Languages:
- English
- ISSNs:
- 1246-0125
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 10939.xml