BIBLIOS

  Bibliographic Reference Management System of the Faculty of Sciences


Reference Details

Type
Conference Papers

Document Type
Full Paper

Title
Decision support for selecting information security controls

Publication participants
Luís Almeida (Author)
Ana Respício (Author)
Dep. Informática
CMAFcIO

Abstract
With the emergence of the Internet, the volume of cyberattacks has been progressively growing and, therefore, adequate security of information has a crucial role in IT systems. Organisations face complex decisions regarding the selection of security controls that allow protecting their information assets. The implementation of these controls should ensure an adequate level of protection. However, their selection requires knowledge about the vulnerabilities and threats existing in the organisation, and the investment in security must comply with economic constraints. This work proposes a framework to support an organisation to identify security vulnerabilities and optimise a portfolio of security controls to mitigate them. Those security controls may be of a mixed nature, such as hardware controls, software controls, policies, procedures and training actions. The framework is established using the standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013 to support the identification of vulnerabilities/threats and the choice of controls that can mitigate them. Once the existing vulnerabilities/threats are identified, one has to select the subset of controls to implement, assuring an adequate mitigation at the lowest cost. An integer programming model is used to address this optimisation problem within the framework, which has been implemented as a prototype decision support tool.

Publication Date
2018-05-10

Event
Journal of Decision Systems

Publication Identifiers
ISSN - 1246-0125

Publisher
Informa UK Limited

Volume
27
Issue
sup1

First Page
173
Last Page
180

Document Identifiers
URL - http://dx.doi.org/10.1080/12460125.2018.1468177
DOI - https://doi.org/10.1080/12460125.2018.1468177

Quality Indicators
SCIMAGO Q2 (2017) - 0.339 - Management Information Systems
SCIMAGO Q2 (2017) - 0.339 - Software

Keywords
Information security; decision support; vulnerabilities; security controls; optimisation of security portfolio

Tags
#isoiec27001 #decisionsupport #27001 #informationsecurity #vulnerabilities #infosec #security #controls #portfoliooptimization


Export reference

APA
Almeida, L., & Respício, A. (2018). Decision support for selecting information security controls. Journal of Decision Systems, 27(sup1), 173-180. https://doi.org/10.1080/12460125.2018.1468177

IEEE
L. Almeida and A. Respício, "Decision support for selecting information security controls," in Journal of Decision Systems, vol. 27, no. sup1, 2018, pp. 173-180, doi: 10.1080/12460125.2018.1468177

BIBTEX
@InProceedings{38056,
  author    = {Luís Almeida and Ana Respício},
  title     = {Decision support for selecting information security controls},
  booktitle = {Journal of Decision Systems},
  year      = 2018,
  volume    = {27},
  number    = {sup1},
  pages     = {173-180},
  publisher = {Informa UK Limited},
  doi       = {10.1080/12460125.2018.1468177}
}