Printed from https://ideas.repec.org/a/spr/infsem/v18y2020i2d10.1007_s10257-020-00470-8.html

Mapping the variations for implementing information security controls to their operational research solutions

Author

Listed:
  • Mauricio Diéguez

    (Universidad de La Frontera)

  • Jaime Bustos

    (Universidad de La Frontera)

  • Carlos Cares

    (Universidad de La Frontera)

Abstract

Information Security Management is currently guided by process-based standards. Achieving one or some of these standards means deploying their corresponding set of security controls under different constraints on resources, budgets, information assets to protect, and risks to avoid or mitigate, among other factors. This constitutes a complex combinatorial problem in the decision-making process. To select, schedule and deploy these security controls, qualitative approaches have mainly been proposed. Quantitative approaches to information security management are just emerging, and they have been applied only to simplified theoretical cases. The purpose of this paper is to support the notion that the problems of implementing information security controls, in the sense of being put into effect, can be formulated as a family of existing and already solved optimization problems. The main result is a mapping from a set of seven information security management types of problems to their corresponding operational research formulations. A solved case from a governmental institution illustrates the use of the proposed map.

Suggested Citation

  • Mauricio Diéguez & Jaime Bustos & Carlos Cares, 2020. "Mapping the variations for implementing information security controls to their operational research solutions," Information Systems and e-Business Management, Springer, vol. 18(2), pages 157-186, June.
  • Handle: RePEc:spr:infsem:v:18:y:2020:i:2:d:10.1007_s10257-020-00470-8
    DOI: 10.1007/s10257-020-00470-8

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10257-020-00470-8
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.



    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.


    Cited by:

    1. Fotis Kitsios & Elpiniki Chatzidimitriou & Maria Kamariotou, 2023. "The ISO/IEC 27001 Information Security Management Standard: How to Extract Value from Data in the IT Sector," Sustainability, MDPI, vol. 15(7), pages 1-17, March.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Mauricio Diéguez & Jaime Bustos & Carlos Cares, 0. "Mapping the variations for implementing information security controls to their operational research solutions," Information Systems and e-Business Management, Springer, vol. 0, pages 1-30.
    2. Park, Jongyoon & Han, Jinil & Lee, Kyungsik, 2022. "Integer Optimization Model and Algorithm for the Stem Cell Culturing Problem," Omega, Elsevier, vol. 108(C).
    3. Xiong, Jian & Leus, Roel & Yang, Zhenyu & Abbass, Hussein A., 2016. "Evolutionary multi-objective resource allocation and scheduling in the Chinese navigation satellite system project," European Journal of Operational Research, Elsevier, vol. 251(2), pages 662-675.
    4. Hartmann, Sönke & Briskorn, Dirk, 2010. "A survey of variants and extensions of the resource-constrained project scheduling problem," European Journal of Operational Research, Elsevier, vol. 207(1), pages 1-14, November.
    5. Hua Wang & Jon Dieringer & Steve Guntz & Shankarraman Vaidyaraman & Shekhar Viswanath & Nikolaos H. Lappas & Sal Garcia-Munoz & Chrysanthos E. Gounaris, 2021. "Portfolio-Wide Optimization of Pharmaceutical R&D Activities Using Mathematical Programming," Interfaces, INFORMS, vol. 51(4), pages 262-279, July.
    6. Gómez Sánchez, Mariam & Lalla-Ruiz, Eduardo & Fernández Gil, Alejandro & Castro, Carlos & Voß, Stefan, 2023. "Resource-constrained multi-project scheduling problem: A survey," European Journal of Operational Research, Elsevier, vol. 309(3), pages 958-976.
    7. Christian Weckenborg & Karsten Kieckhäfer & Thomas S. Spengler & Patricia Bernstein, 2020. "The Volkswagen Pre-Production Center Applies Operations Research to Optimize Capacity Scheduling," Interfaces, INFORMS, vol. 50(2), pages 119-136, March.
    8. Roland Braune & Karl F. Doerner, 2017. "Real-world flexible resource profile scheduling with multiple criteria: learning scalarization functions for MIP and heuristic approaches," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 68(8), pages 952-972, August.
    9. Hartmann, Sönke & Briskorn, Dirk, 2008. "A survey of variants and extensions of the resource-constrained project scheduling problem," Working Paper Series 02/2008, Hamburg School of Business Administration (HSBA).
    10. Hartmann, Sönke & Briskorn, Dirk, 2022. "An updated survey of variants and extensions of the resource-constrained project scheduling problem," European Journal of Operational Research, Elsevier, vol. 297(1), pages 1-14.
    11. Estévez-Fernández, Arantza, 2012. "A game theoretical approach to sharing penalties and rewards in projects," European Journal of Operational Research, Elsevier, vol. 216(3), pages 647-657.
    12. Servranckx, Tom & Vanhoucke, Mario, 2019. "Strategies for project scheduling with alternative subgraphs under uncertainty: similar and dissimilar sets of schedules," European Journal of Operational Research, Elsevier, vol. 279(1), pages 38-53.
    13. Moukrim, Aziz & Quilliot, Alain & Toussaint, Hélène, 2015. "An effective branch-and-price algorithm for the Preemptive Resource Constrained Project Scheduling Problem based on minimal Interval Order Enumeration," European Journal of Operational Research, Elsevier, vol. 244(2), pages 360-368.
    14. Slotnick, Susan A., 2011. "Order acceptance and scheduling: A taxonomy and review," European Journal of Operational Research, Elsevier, vol. 212(1), pages 1-11, July.
    15. Ripon K. Chakrabortty & Ruhul A. Sarker & Daryl L. Essam, 2020. "Single mode resource constrained project scheduling with unreliable resources," Operational Research, Springer, vol. 20(3), pages 1369-1403, September.
    16. Beşikci, Umut & Bilge, Ümit & Ulusoy, Gündüz, 2015. "Multi-mode resource constrained multi-project scheduling and resource portfolio problem," European Journal of Operational Research, Elsevier, vol. 240(1), pages 22-31.
    17. Naber, Anulark & Kolisch, Rainer, 2014. "MIP models for resource-constrained project scheduling with flexible resource profiles," European Journal of Operational Research, Elsevier, vol. 239(2), pages 335-348.
    18. Fang, Yi-Ping & Sansavini, Giovanni, 2019. "Optimum post-disruption restoration under uncertainty for enhancing critical infrastructure resilience," Reliability Engineering and System Safety, Elsevier, vol. 185(C), pages 1-11.
    19. Ferreira, Cristiane & Figueira, Gonçalo & Amorim, Pedro, 2021. "Scheduling Human-Robot Teams in collaborative working cells," International Journal of Production Economics, Elsevier, vol. 235(C).
    20. Jeunet, Jully & Bou Orm, Mayassa, 2020. "Optimizing temporary work and overtime in the Time Cost Quality Trade-off Problem," European Journal of Operational Research, Elsevier, vol. 284(2), pages 743-761.
