Abstract
Information security managers with fixed budgets must invest in security measures to mitigate increasingly severe threats whilst maintaining the alignment of their systems with their organization's business objectives. The state of the art lacks a systematic methodology to support security investment decision-making. We describe a methodology that integrates methods from multi-attribute utility evaluation and mathematical systems modelling. We illustrate our approach using a case study of a large organization divesting itself of its IT support services, delivering useful results to the organization's security managers. Specifically, by integrating a mathematical model of system behaviour with an account of the utility of available security investment strategies, the case study has enabled them to understand better the trade-offs between the security performance and the operational consequences of their choices.
| Original language | English |
|---|---|
| Title of host publication | Network Operations and Management Symposium Workshops (NOMS Wksps), 2010 IEEE/IFIP |
| Place of Publication | Los Alamitos, CA, USA |
| Publisher | IEEE Press |
| Pages | 118-125 |
| Number of pages | 8 |
| ISBN (Print) | 978-1424460373 |
| DOIs | |
| Publication status | Published - 17 Jun 2010 |
| Event | 5th IFIP/IEEE International Workshop on Business-driven IT Management (BDIM 2010) - Osaka, Japan Duration: 19 Apr 2010 → 19 Apr 2010 |
Conference
| Conference | 5th IFIP/IEEE International Workshop on Business-driven IT Management (BDIM 2010) |
|---|---|
| Country/Territory | Japan |
| City | Osaka |
| Period | 19/04/10 → 19/04/10 |
Keywords
- information security
- decision support
- economics
- risk managment
- systems modelling
- business data processing