Selecting optimal subset of security controls
| dc.cclicence | CC-BY | en |
| dc.contributor.author | Yevseyeva, Iryna | en |
| dc.contributor.author | Basto-Fernandes, V. | en |
| dc.contributor.author | Emmerich, M. T. M. | en |
| dc.contributor.author | van Moorsel, Aad | en |
| dc.date.acceptance | 2015-09-15 | en |
| dc.date.accessioned | 2016-05-23T15:52:08Z | |
| dc.date.available | 2016-05-23T15:52:08Z | |
| dc.date.issued | 2015-09-15 | |
| dc.description | Open Access journal | en |
| dc.description.abstract | Choosing an optimal investment in information security is an issue most companies face these days. Which security controls to buy to protect the IT system of a company in the best way? Selecting a subset of security controls among many available ones can be seen as a resource allocation problem that should take into account conflicting objectives and constraints of the problem. In particular, the security of the system should be improved without hindering productivity, under a limited budget for buying controls. In this work, we provide several possible formulations of security controls subset selection problem as a portfolio optimization, which is well known in financial management. We propose approaches to solve them using existing single and multiobjective optimization algorithms. | en |
| dc.explorer.multimedia | No | en |
| dc.funder | Engineering and Physical Sciences Research Council (EPSRC), UK, and Government Communications Headquarters (GCHQ), UK, for funding Choice Architecture for Information Security (ChAISe) project EP/K006568/1 as a part of Cyber Research Institute | en |
| dc.funder | EPSRC (Engineering and Physical Sciences Research Council) | en |
| dc.identifier.citation | Yevseyeva, I., Basto-Fernandes, V., Emmerich, M.T.M. and van Moorsel A. (2015) Selecting optimal subset of security controls. CENTERIS’15, 7th Conference of ENTERprise Information Systems, Procedia Computer Science, 64, pp. 1035-1042 | en |
| dc.identifier.doi | https://doi.org/10.1016/j.procs.2015.08.625 | |
| dc.identifier.uri | http://hdl.handle.net/2086/12080 | |
| dc.language.iso | en | en |
| dc.peerreviewed | Yes | en |
| dc.projectid | EP/K006568/1 | en |
| dc.publisher | Elsevier | en |
| dc.researchgroup | Cyber Security Centre | en |
| dc.researchinstitute | Cyber Technology Institute (CTI) | en |
| dc.subject | multicriteria optimisation | en |
| dc.subject | security | en |
| dc.subject | subset selection | en |
| dc.subject | portfolio optimization | en |
| dc.title | Selecting optimal subset of security controls | en |
| dc.type | Article | en |