Szczegóły publikacji
Opis bibliograficzny
A rough cut cybersecurity investment using portfolio of security controls with maximum cybersecurity value / Tadeusz SAWIK, Bartosz SAWIK // International Journal of Production Research ; ISSN 0020-7543. — 2022 — vol. 60 no. 21, s. 6556–6572. — Bibliogr. s. 6569–6570, Abstr. — Publikacja dostępna online od: 2021-11-05. — T. Sawik - dod. afiliacja: Reykjavik University, Reykjavik, Iceland ; B. Sawik - dod. afiliacje: Public University of Navarre, Pamplona, Spain; University of California, Berkeley, USA
Autorzy (2)
Słowa kluczowe
Dane bibliometryczne
ID BaDAP | 143572 |
---|---|
Data dodania do BaDAP | 2022-11-08 |
Tekst źródłowy | URL |
DOI | 10.1080/00207543.2021.1994166 |
Rok publikacji | 2022 |
Typ publikacji | artykuł w czasopiśmie |
Otwarty dostęp | |
Czasopismo/seria | International Journal of Production Research |
Abstract
This paper deals with optimisation of cybersecurity investment in supply chains using stochastic programming approach. A classical exponential function of breach probability and the intuitive idea of ‘the expected net benefits’, originally presented in 2002 by Gordon and Loeb, were applied to introduce the concept of cybersecurity value. The cybersecurity value of security control is defined as the value gained by implementing a single control to secure a subset of components. The cybersecurity value of a control can be seen as a measure of its efficiency in reducing vulnerability of a secured system or component. A mixed binary optimisation problem, next transformed into an unconstrained binary program is developed to maximise total cybersecurity value of control portfolio. The optimal solution to the binary program provides a simple formula to immediately obtain the portfolio of security controls with maximum total cybersecurity value and determine a rough cut cybersecurity investment. This study also shows that portfolio of security controls with maximum total cybersecurity value reduces the losses from security breaches and mitigate the impact of cyber risk.