Risk management for cyber-infrastructure protection: A bi-objective integer programming approach. (January 2021)
- Record Type:
- Journal Article
- Title:
- Risk management for cyber-infrastructure protection: A bi-objective integer programming approach. (January 2021)
- Main Title:
- Risk management for cyber-infrastructure protection: A bi-objective integer programming approach
- Authors:
- Schmidt, Adam
Albert, Laura A.
Zheng, Kaiyue - Abstract:
- Highlights: Information and communication technology supply chains present risks that are complex and difficult to manage. We present new optimization models to support supply chain risk management. Optimization models with two risk reduction objectives select a portfolio of security controls subject to a budget constraint. The stochastic model informs security investment decisions under uncertainty. The computational results highlight how to construct a portfolio of security controls that is effective across multiple criteria. Abstract: Information and communication technology supply chains present risks that are complex and difficult for organizations to manage. The cost and benefit of proposed security controls must be assessed to best match an organizational risk tolerance and direct the use of security resources. In this paper, we present integer and stochastic optimization models for selecting a portfolio of security controls within an organizational budget. We consider two objectives: to maximize the risk reduction across all potential attacks and to maximize the number of attacks whose risk levels are lower than a risk threshold after security controls are applied. Deterministic and stochastic bi-objective budgeted difficulty-threshold control selection problems are formulated for selecting mitigating controls to reflect an organization's risk preference. In the stochastic problem, we consider uncertainty as to whether the selected controls can reduce the risksHighlights: Information and communication technology supply chains present risks that are complex and difficult to manage. We present new optimization models to support supply chain risk management. Optimization models with two risk reduction objectives select a portfolio of security controls subject to a budget constraint. The stochastic model informs security investment decisions under uncertainty. The computational results highlight how to construct a portfolio of security controls that is effective across multiple criteria. Abstract: Information and communication technology supply chains present risks that are complex and difficult for organizations to manage. The cost and benefit of proposed security controls must be assessed to best match an organizational risk tolerance and direct the use of security resources. In this paper, we present integer and stochastic optimization models for selecting a portfolio of security controls within an organizational budget. We consider two objectives: to maximize the risk reduction across all potential attacks and to maximize the number of attacks whose risk levels are lower than a risk threshold after security controls are applied. Deterministic and stochastic bi-objective budgeted difficulty-threshold control selection problems are formulated for selecting mitigating controls to reflect an organization's risk preference. In the stochastic problem, we consider uncertainty as to whether the selected controls can reduce the risks associated with attacks. We demonstrate through a computational study that the trade-off between the two objectives is important to consider for certain risk preferences and budgets. We demonstrate the value of the stochastic model when a relatively high number of attacks are desired to be secured past a risk threshold and show the deterministic solution provides near optimal solutions otherwise. We provide an analysis of model solutions. … (more)
- Is Part Of:
- Reliability engineering & system safety. Volume 205(2021)
- Journal:
- Reliability engineering & system safety
- Issue:
- Volume 205(2021)
- Issue Display:
- Volume 205, Issue 2021 (2021)
- Year:
- 2021
- Volume:
- 205
- Issue:
- 2021
- Issue Sort Value:
- 2021-0205-2021-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-01
- Subjects:
- Cyber-security -- Information and communication technology security -- Bi-objective optimization -- Supply chain security -- Risk management -- Risk threshold
Reliability (Engineering) -- Periodicals
System safety -- Periodicals
Industrial safety -- Periodicals
Fiabilité -- Périodiques
Sécurité des systèmes -- Périodiques
Sécurité du travail -- Périodiques
620.00452 - Journal URLs:
- http://www.sciencedirect.com/science/journal/09518320 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.ress.2020.107093 ↗
- Languages:
- English
- ISSNs:
- 0951-8320
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 7356.422700
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 15365.xml