BIBLIOS

   Ciências References Management System

Visitor Mode (Login)
Need help?


Back

Publication details

Document type
Conference papers

Document subtype
Full paper

Title
Decision support for selecting information security controls

Participants in the publication
Luís Almeida (Author)
Ana Respício (Author)
Dep. Informática
 CMAFcIO
Summary
With the emergence of the Internet, the volume of cyberattacks has been progressively growing and, therefore, adequate security of information has a crucial role in IT systems. Organisations face complex decisions regarding the selection of security controls that allow protecting their information assets. The implementation of these controls should ensure an adequate level of protection. However, their selection requires knowledge about the vulnerabilities and threats existing in the organisation, and the investment in security must comply with economic constraints. This work proposes a framework to support an organisation to identify security vulnerabilities and optimise a portfolio of security controls to mitigate them. Those security controls may be of a mixed nature, such as hardware controls, software controls, policies, procedures and training actions. The framework is established using the standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013 to support the identification of vulnerabilities/threats and the choice of controls that can mitigate them. Once the existing vulnerabilities/threats are identified, one has to select the subset of controls to implement, assuring an adequate mitigation at the lowest cost. An integer programming model is used to address this optimisation problem within the framework, which has been implemented as a prototype decision support tool.

Date of Publication
2018-05-10

Event
Journal of Decision Systems

Publication Identifiers
ISSN - 1246-0125

Publisher
Informa UK Limited

Volume
27
Number
sup1

Starting page
173
Last page
180

Document Identifiers
URL - http://dx.doi.org/10.1080/12460125.2018.1468177
DOI - https://doi.org/10.1080/12460125.2018.1468177

Rankings
SCIMAGO Q2 (2017) - 0.339 - Management Information Systems
SCIMAGO Q2 (2017) - 0.339 - Software

Keywords
Information security decision support vulnerabilities security controls optimisation of security portfolio

Tags
#isoiec27001 #decisionsupport #27001 #informationsecurity #vulnerabilities #infosec #security #controls #portfoliooptimization


Export

APA
Luís Almeida, Ana Respício, (2018). Decision support for selecting information security controls. Journal of Decision Systems, 173-180

IEEE
Luís Almeida, Ana Respício, "Decision support for selecting information security controls" in Journal of Decision Systems, , 2018, pp. 173-180, doi: 10.1080/12460125.2018.1468177

BIBTEX
@InProceedings{38056, author = {Luís Almeida and Ana Respício}, title = {Decision support for selecting information security controls}, booktitle = {Journal of Decision Systems}, year = 2018, pages = {173-180}, address = {}, publisher = {Informa UK Limited} }