Decision support for Cybersecurity risk planning

Authors:
Loren Paul Rees;Jason K. Deane;Terry R. Rakes;Wade H. Baker
Affiliations:
Department of Business Information Technology, Pamplin College of Business, Virginia Tech., Blacksburg, VA 24061, United States;Department of Business Information Technology, Pamplin College of Business, Virginia Tech., Blacksburg, VA 24061, United States;Department of Business Information Technology, Pamplin College of Business, Virginia Tech., Blacksburg, VA 24061, United States;Verizon Business Security Solutions, Ashburn, VA 20147, United States
Venue:
Decision Support Systems
Year:
2011

Citing 18
Cited 2

Fuzzy weighted averages and implementation of the extension principle

Fuzzy Sets and Systems
Modern heuristic techniques for combinatorial problems

Modern heuristic techniques for combinatorial problems
Fuzzy sets as a basis for a theory of possibility

Fuzzy Sets and Systems
Evolutionary computation

Evolutionary computation
Centroid of a type-2 fuzzy set

Information Sciences: an International Journal
Genetic Algorithms in Search, Optimization and Machine Learning

Genetic Algorithms in Search, Optimization and Machine Learning
Managing Information Security Risks: The Octave Approach

Managing Information Security Risks: The Octave Approach
The Executive Guide to Information Security: Threats, Challenges, and Solutions

The Executive Guide to Information Security: Threats, Challenges, and Solutions
A fuzzy decision support system for strategic portfolio management

Decision Support Systems
Fuzzy decision support system for risk analysis in e-commerce development

Decision Support Systems
A fuzzy decision support system for IT service continuity threat assessment

Decision Support Systems
Using CP-nets as a guide for countermeasure selection

Proceedings of the 2007 ACM symposium on Applied computing
Is Information Security Under Control?: Investigating Quality in Information Security Management

IEEE Security and Privacy
Necessary measures: metric-driven information security risk assessment and decision making

Communications of the ACM
Quantitative risk-based analysis for military counterterrorism systems

Systems Engineering
DIPS: A Framework for Distributed Intrusion Prediction and Prevention Using Hidden Markov Models and Online Fuzzy Risk Assessment

IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems

Information Systems Research
Selection of appropriate defuzzification methods using application specific properties

IEEE Transactions on Fuzzy Systems

Fuzzy decision support system for ship lock control

Expert Systems with Applications: An International Journal
Selection of optimal countermeasure portfolio in IT security planning

Decision Support Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security countermeasures help ensure the confidentiality, availability, and integrity of information systems by preventing or mitigating asset losses from Cybersecurity attacks. Due to uncertainty, the financial impact of threats attacking assets is often difficult to measure quantitatively, and thus it is difficult to prescribe which countermeasures to employ. In this research, we describe a decision support system for calculating the uncertain risk faced by an organization under cyber attack as a function of uncertain threat rates, countermeasure costs, and impacts on its assets. The system uses a genetic algorithm to search for the best combination of countermeasures, allowing the user to determine the preferred tradeoff between the cost of the portfolio and resulting risk. Data collected from manufacturing firms provide an example of results under realistic input conditions.