Selection of optimal countermeasure portfolio in IT security planning

Decision Support Systems

Volumn 55, Issue 1, 2013, Pages 156-164

  Sawik, Tadeusz ^a  

^a AGH UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Poland)

Author keywords

Conditional value at risk; Countermeasure selection; Information security; Mixed integer programming; Multi criteria decision making; Risk management

Indexed keywords

COMPUTATIONAL RESULTS; CONDITIONAL VALUE-AT-RISK; COUNTERMEASURE SELECTION; MIXED INTEGER PROGRAMMING; MIXED-INTEGER PROGRAMS; MULTI-CRITERIA DECISION MAKING; SCENARIO-BASED ANALYSIS; WORST-CASE PERFORMANCE;

COMPUTER CRIME; COSTS; INTEGER PROGRAMMING; RISK MANAGEMENT; RISK PERCEPTION; SECURITY OF DATA; SECURITY SYSTEMS; VALUE ENGINEERING;

OPTIMIZATION;

EID: 84877741992     PISSN: 01679236     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.dss.2013.01.001     Document Type: Article

References (35)

1. C.J. Alberts, and A.J. Dorofee Managing Information Security Risks: The OCTAVE Approach 2002 Addison Wesley Professional
2. W. Baker, and L. Wallace Dependable Computing: Is Information Security Under Control? January/February 2007 IEEE Security & Privacy 24 32
3. W.H. Baker, L.P. Rees, and P. Tippett Necessary measures: metric-driven information security risk assessment and decision making Communications of the ACM 50 10 2007 101 106
4. S. Benati, and R. Rizzi A mixed integer linear programming formulation of the optimal mean/value-at-risk portfolio problem European Journal of Operational Research 176 2007 423 434
5. S. Berinato The state of information security CIO Magazine 17 2 2003 1 3
6. S. Bistarelli, F. Fioravanti, and P. Peretti Using cp-nets as a guide for countermeasure selection Proceedings of the 2007 ACM Symposium on Applied Computing, Seoul, Korea 2007 300 304
7. R. Bojanc, and B. Jerman-Blazic An economic modelling approach to information security risk management International Journal of Information Management 28 2008 413 422
8. K. Chahara, and K. Taaffe Risk averse demand selection with all-or-nothing orders Omega: International Journal of Management Science 37 5 2009 996 1006
9. H. Chen, M. Chau, and S. Li Enterprise risk and security management: data, text and web mining Decision Support Systems 50 2011 649 650
10. J.K. Deane, C.T. Ragsdale, T.R. Rakes, and L.P. Rees Managing supply chain risk and disruption from IT security incidents Operations Management Research 2 1 2009 4 12
11. M. Egan The Executive Guide to Information Security 2005 Symantec Press Indianapolis
12. Endpoint security, security breaches and the cost of downtime http://www.endpointsecurity.org/Documents/Security-Breaches-and-the-Cost-of- Downtime.pdf
13. M. Gupta, J. Rees, A. Chaturvedi, and J. Chi Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach Decision Support Systems 41 2006 592 603
14. R.J. Kauffman, and R. Sougstad Risk management of contract portfolios in IT services: the profit-at-risk approach Journal of Management Information Systems 25 1 2008 17 48
15. V. Kumar, J. Srivastava, and A. Lazarevic Managing Cyber Threats: Issues, Approaches and Challenges 2004 Kluwer Academic Publisher
16. Y.J. Lee, R.J. Kauffman, and R. Sougstad Profit-maximizing firm investments in customer information security Decision Support Systems 51 2011 904 920
17. W. Ogryczak, and A. Ruszczynski Dual stochastic dominance and related mean-risk models SIAM Journal on Optimization 13 2002 60 78
18. A. Ojamaa, E. Tyugu, and J. Kivimaa Pareto-optimal situation analysis for selection of security measures Proceedings of IEEE Military Communications Conference, MILCOM 2008 2008 1 7 10.1109/MILCOM.2008.4753520
19. G.A. Paleologo Price-at-risk: a methodology for pricing utility computing services IBM Systems Journal 43 1 2004 20 31
20. T.R. Rakes, J.K. Deane, and L.P. Rees IT security planning under uncertainty for high-impact events Omega: International Journal of Management Science 40 1 2012 79 88
21. L.P. Rees, J.K. Deane, T.R. Rakes, and W.H. Baker Decision support for cybersecurity risk planning Decision Support Systems 51 2011 493 505
22. R.T. Rockafellar, and S. Uryasev Optimization of conditional value-at-risk The Journal of Risk 2 3 2000 21 41
23. R.T. Rockafellar, and S. Uryasev Conditional value-at-risk for general loss distributions Journal of Banking and Finance 26 7 2002 1443 1471
24. J.J.C.H. Ryan, T.A. Mazzuchi, D.J. Ryan, J.L. de la Cruz, and R. Cooke Quantifying information security risks using expert judgment elicitation Computers and Operations Research 39 2012 774 784
25. S. Sarykalin, G. Serraino, and S. Uryasev Value-at-risk vs. conditional value-at-risk in risk management and optimization Tutorials in Operations Research, INFORMS 2008 2008 270 294
26. B. Sawik Lexicographic and weighting approach to multi-criteria portfolio optimization by mixed integer programming chapter in: K.D. Lawrence, G. Kleinman, Applications of Management Science: Financial Modeling Applications and Data Envelopment Applications vol.13 2009 Emerald Bingley UK 3 18
27. T. Sawik Selection of supply portfolio under disruption risks Omega: The International Journal of Management Science 39 2 2011 194 208
28. B. Sawik Bi-criteria portfolio optimization models with percentile and symmetric risk measures by mathematical programming Przeglad Elektrotechniczny 88 10B 2012 176 180
29. T. Sawik Selection of resilient supply portfolio under disruption risks Omega: The International Journal of Management Science 41 2 2013 259 269
30. R.E. Steuer Multiple Criteria Optimization: Theory, Computation and Application 1996 Wiley New York
31. G. Stoneburner, A. Goguen, and A. Feringa Risk Management Guide for Information Technology Systems 2002 Nat'l Inst. of Standards and Technology, US Dept of Commerce (http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30. pdf.)
32. S. Uryasev Conditional value-at-risk: optimization algorithms and applications Financial Engineering News 14 2 2000
33. V. Viduto, C. Maple, W. Huang, and D. Lopez-Perez A novel risk assessment and optimisation model for a multi-objective network security countermeasure selection problem Decision Support Systems 53 2012 599 610
34. S. Wagner, and C. Bode An empirical examination of supply chain performance along several dimensions of risk Journal of Business Logistics 29 2008 307 326
35. J. Wang, A. Chaudhury, and H.R. Rao A value-at-risk approach to information security investment Information Systems Research 19 1 2008 102 120