Publication details

Bibliographic description

A rough cut cybersecurity investment using portfolio of security controls with maximum cybersecurity value / Tadeusz SAWIK, Bartosz SAWIK // International Journal of Production Research ; ISSN 0020-7543. — 2022 — vol. 60 no. 21, pp. 6556–6572. — Bibliogr. pp. 6569–6570, Abstr. — Publication available online since: 2021-11-05. — T. Sawik - additional affiliation: Reykjavik University, Reykjavik, Iceland ; B. Sawik - additional affiliations: Public University of Navarre, Pamplona, Spain; University of California, Berkeley, USA


Authors (2)


Keywords

cybersecurity investment; cybersecurity of supply chains; mixed integer linear programming; unconstrained binary program; security control portfolio

Bibliometric data

BaDAP ID: 143572
Date added to BaDAP: 2022-11-08
Source text: URL
DOI: 10.1080/00207543.2021.1994166
Year of publication: 2022
Publication type: journal article
Open access: yes
Journal/series: International Journal of Production Research

Abstract

This paper deals with optimisation of cybersecurity investment in supply chains using a stochastic programming approach. A classical exponential function of breach probability and the intuitive idea of ‘the expected net benefits’, originally presented in 2002 by Gordon and Loeb, were applied to introduce the concept of cybersecurity value. The cybersecurity value of a security control is defined as the value gained by implementing a single control to secure a subset of components. The cybersecurity value of a control can be seen as a measure of its efficiency in reducing the vulnerability of a secured system or component. A mixed binary optimisation problem, next transformed into an unconstrained binary program, is developed to maximise the total cybersecurity value of the control portfolio. The optimal solution to the binary program provides a simple formula to immediately obtain the portfolio of security controls with maximum total cybersecurity value and determine a rough cut cybersecurity investment. This study also shows that the portfolio of security controls with maximum total cybersecurity value reduces the losses from security breaches and mitigates the impact of cyber risk.

Publications that may interest you

article
Balancing cybersecurity in a supply chain under direct and indirect cyber risks / Tadeusz SAWIK // International Journal of Production Research ; ISSN 0020-7543. — 2022 — vol. 60 no. 2, pp. 766-782. — Bibliogr. p. 782, Abstr. — Publication available online since: 2021-04-20. — Additional affiliation: Reykjavik University, Reykjavik, Iceland
article
A linear model for optimal cybersecurity investment in Industry 4.0 supply chains / Tadeusz SAWIK // International Journal of Production Research ; ISSN 0020-7543. — 2022 — vol. 60 no. 4, pp. 1368-1385. — Bibliogr. pp. 1383-1384, Abstr. — Publication available online since: 2020-12-08. — Additional affiliation: Department of Engineering, Reykjavik University, Reykjavik, Iceland