Information Security Trade-offs and Optimal Patching Policies

Christos Ioannidis, David J. Pym, Julian Williams

Research output: Contribution to journal › Article


Abstract

We develop and simulate a basic mathematical model of the costly deployment of software patches in the presence of trade-offs between confidentiality and availability. The model incorporates representations of the key aspects of the system architecture, the managers’ preferences, and the stochastic nature of the threat environment. Using the model, we compute the optimal frequencies for regular and irregular patching, for both networks and clients, for two example types of organization, military and financial. Such examples are characterized by their constellations of parameters. Military organizations, being relatively less cost-sensitive, tend to apply network patches upon their arrival. The relatively high cost of applying irregular client patches leads both types of organization to avoid deployment upon arrival.
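The abstract describes the trade-off qualitatively but does not reproduce the model's equations. The following is an added toy illustration written for this page, not the authors' model: it assumes a deliberately simple cost structure in which patches are released as a Poisson process at rate `lam`, an organisation either applies each patch on arrival or batches pending patches every `T` time units, each non-empty batch costs a fixed availability penalty `c_avail` (downtime), and every unit of time a released patch stays unapplied costs `c_conf` (exposure of confidential data). The "military" and "financial" parameter profiles at the bottom are constructed for illustration only and are not taken from the paper.

```python
"""Toy patching-frequency trade-off (added illustration, not the paper's model).

Assumed cost structure (all assumptions, not from the paper):
  * patches are released as a Poisson process with rate `lam`;
  * policy "periodic": pending patches are applied in a batch every `T` time
    units; each non-empty batch costs `c_avail` (downtime / availability);
  * policy "on arrival": each patch is applied the moment it is released,
    so there are `lam` outages per unit time and no exposure window;
  * every unit of time a released patch stays unapplied costs `c_conf`
    (exposure of confidential data to the corresponding threat).
"""
import math
import random


def expected_cost_rate(T, lam, c_conf, c_avail):
    """Expected long-run cost per unit time of the periodic policy.

    A batch is non-empty with probability 1 - exp(-lam*T), so outages occur
    at rate (1 - exp(-lam*T)) / T.  A patch released at a uniform point of
    the interval waits T/2 on average, so exposure accrues at lam * T / 2.
    """
    if T <= 0:
        raise ValueError("T must be positive; use on_arrival_cost_rate for T -> 0")
    outage_rate = (1.0 - math.exp(-lam * T)) / T
    exposure_rate = lam * T / 2.0
    return c_avail * outage_rate + c_conf * exposure_rate


def on_arrival_cost_rate(lam, c_avail):
    """Cost per unit time of patching on arrival: the T -> 0 limit above."""
    return lam * c_avail


def best_period(lam, c_conf, c_avail, grid=None):
    """Period minimising expected_cost_rate over a geometric grid (0.001..100)."""
    if grid is None:
        grid = [10 ** (k / 20.0) for k in range(-60, 41)]
    return min(grid, key=lambda T: expected_cost_rate(T, lam, c_conf, c_avail))


def recommend(lam, c_conf, c_avail):
    """Return (policy, period, expected cost rate) for the cheaper policy."""
    T = best_period(lam, c_conf, c_avail)
    periodic = expected_cost_rate(T, lam, c_conf, c_avail)
    arrival = on_arrival_cost_rate(lam, c_avail)
    if arrival <= periodic:
        return "on arrival", 0.0, arrival
    return "periodic", T, periodic


def simulate_periodic(T, lam, c_conf, c_avail, horizon, seed=0):
    """Monte Carlo check of expected_cost_rate: realised cost per unit time."""
    rng = random.Random(seed)
    pending = []          # release times of patches not yet applied
    next_batch = T
    exposure = 0.0
    outages = 0
    t = 0.0
    while True:
        t += rng.expovariate(lam)          # next patch release
        if t > horizon:
            break
        while next_batch <= t:             # apply every batch due before it
            if pending:
                exposure += sum(next_batch - r for r in pending)
                pending.clear()
                outages += 1
            next_batch += T
        pending.append(t)
    return (c_avail * outages + c_conf * exposure) / horizon


if __name__ == "__main__":
    # Constructed parameter profiles (illustrative only, not from the paper):
    # a "military" profile prices exposure high relative to downtime, a
    # "financial" profile prices downtime high relative to exposure.
    profiles = [("military", 2.0, 10.0, 1.0), ("financial", 2.0, 1.0, 5.0)]
    for name, lam, c_conf, c_avail in profiles:
        policy, T, cost = recommend(lam, c_conf, c_avail)
        print(f"{name:9s} -> {policy:10s} T={T:6.2f} expected cost/time={cost:.3f}")
```

Under these assumptions the expected cost is convex in `T`, and its slope at `T -> 0` is proportional to `c_conf - lam * c_avail`, so patching on arrival is optimal exactly when one unit of exposure costs at least as much as taking outages as fast as patches arrive; otherwise a finite batching period is cheaper. That is the mechanism behind the abstract's observation that a less cost-sensitive organisation patches on arrival while a high per-deployment cost pushes both towards delayed deployment, here in a toy model rather than the paper's.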

Original language: English
Pages (from-to): 434-444
Number of pages: 11
Journal: European Journal of Operational Research
Volume: 216
Issue number: 2
Early online date: 20 Jun 2011
DOI: 10.1016/j.ejor.2011.05.050
Publication status: Published - 16 Jan 2012

Keywords

  • Information security
  • Optimal policy
  • Risk reduction
  • Stochastic processes

Cite this

Information Security Trade-offs and Optimal Patching Policies. / Ioannidis, Christos; Pym, David J.; Williams, Julian.

In: European Journal of Operational Research, Vol. 216, No. 2, 16.01.2012, p. 434-444.

@article{fdccfe06f15148b6b82e7cebc5a207f1,
title = "Information Security Trade-offs and Optimal Patching Policies",
abstract = "We develop and simulate a basic mathematical model of the costly deployment of software patches in the presence of trade-offs between confidentiality and availability. The model incorporates representations of the key aspects of the system architecture, the managers’ preferences, and the stochastic nature of the threat environment. Using the model, we compute the optimal frequencies for regular and irregular patching, for both networks and clients, for two example types of organization, military and financial. Such examples are characterized by their constellations of parameters. Military organizations, being relatively less cost-sensitive, tend to apply network patches upon their arrival. The relatively high cost of applying irregular client patches leads both types of organization to avoid deployment upon arrival.",
keywords = "Information security, Optimal policy, Risk reduction, Stochastic processes",
author = "Ioannidis, Christos and Pym, {David J.} and Williams, Julian",
year = "2012",
month = "1",
day = "16",
doi = "10.1016/j.ejor.2011.05.050",
language = "English",
volume = "216",
pages = "434--444",
journal = "European Journal of Operational Research",
issn = "0377-2217",
publisher = "Elsevier",
number = "2"
}