
Risk management for cyber-infrastructure protection: A bi-objective integer programming approach

Author

Listed:
  • Schmidt, Adam
  • Albert, Laura A.
  • Zheng, Kaiyue

Abstract

Information and communication technology supply chains present risks that are complex and difficult for organizations to manage. The cost and benefit of proposed security controls must be assessed to best match an organizational risk tolerance and direct the use of security resources. In this paper, we present integer and stochastic optimization models for selecting a portfolio of security controls within an organizational budget. We consider two objectives: to maximize the risk reduction across all potential attacks and to maximize the number of attacks whose risk levels are lower than a risk threshold after security controls are applied. Deterministic and stochastic bi-objective budgeted difficulty-threshold control selection problems are formulated for selecting mitigating controls to reflect an organization’s risk preference. In the stochastic problem, we consider uncertainty as to whether the selected controls can reduce the risks associated with attacks. We demonstrate through a computational study that the trade-off between the two objectives is important to consider for certain risk preferences and budgets. We demonstrate the value of the stochastic model when a relatively high number of attacks are desired to be secured past a risk threshold and show the deterministic solution provides near optimal solutions otherwise. We provide an analysis of model solutions.

Suggested Citation

  • Schmidt, Adam & Albert, Laura A. & Zheng, Kaiyue, 2021. "Risk management for cyber-infrastructure protection: A bi-objective integer programming approach," Reliability Engineering and System Safety, Elsevier, vol. 205(C).
  • Handle: RePEc:eee:reensy:v:205:y:2021:i:c:s0951832020305949
    DOI: 10.1016/j.ress.2020.107093

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0951832020305949
    Download Restriction: Full text for ScienceDirect subscribers only


    References listed on IDEAS

    1. Rong, Aiying & Figueira, José Rui, 2014. "Dynamic programming algorithms for the bi-objective integer knapsack problem," European Journal of Operational Research, Elsevier, vol. 236(1), pages 85-99.
    2. Alexander A. Ganin & Phuoc Quach & Mahesh Panwar & Zachary A. Collier & Jeffrey M. Keisler & Dayton Marchese & Igor Linkov, 2020. "Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management," Risk Analysis, John Wiley & Sons, vol. 40(1), pages 183-199, January.
    3. Natalie M. Scala & Allison C. Reilly & Paul L. Goethals & Michel Cukier, 2019. "Risk and the Five Hard Problems of Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 39(10), pages 2119-2126, October.
    4. Mavrotas, George & Florios, Kostas, 2013. "An improved version of the augmented epsilon-constraint method (AUGMECON2) for finding the exact Pareto set in Multi-Objective Integer Programming problems," MPRA Paper 105034, University Library of Munich, Germany.
    5. Zhang, Weihua & Reimann, Marc, 2014. "A simple augmented ∊-constraint method for multi-objective mathematical integer programming problems," European Journal of Operational Research, Elsevier, vol. 234(1), pages 15-24.
    6. Kaiyue Zheng & Laura A. Albert, 2019. "Interdiction models for delaying adversarial attacks against critical information technology infrastructure," Naval Research Logistics (NRL), John Wiley & Sons, vol. 66(5), pages 411-429, August.
    7. Kaiyue Zheng & Laura A. Albert & James R. Luedtke & Eli Towle, 2019. "A budgeted maximum multiple coverage model for cybersecurity planning and management," IISE Transactions, Taylor & Francis Journals, vol. 51(12), pages 1303-1317, December.
    8. Kaiyue Zheng & Laura A. Albert, 2019. "A Robust Approach for Mitigating Risks in Cyber Supply Chains," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 2076-2092, September.
    9. Donkers, Bas & Melenberg, Bertrand & Van Soest, Arthur, 2001. "Estimating Risk Attitudes Using Lotteries: A Large Sample Approach," Journal of Risk and Uncertainty, Springer, vol. 22(2), pages 165-195, March.
    10. Laumanns, Marco & Thiele, Lothar & Zitzler, Eckart, 2006. "An efficient, adaptive parameter variation scheme for metaheuristics based on the epsilon-constraint method," European Journal of Operational Research, Elsevier, vol. 169(3), pages 932-942, March.
    11. Daniel DiMase & Zachary A. Collier & Jinae Carlson & Robin B. Gray & Igor Linkov, 2016. "Traceability and Risk Analysis Strategies for Addressing Counterfeit Electronics in Supply Chains for Complex Systems," Risk Analysis, John Wiley & Sons, vol. 36(10), pages 1834-1843, October.
    12. Konak, Abdullah & Coit, David W. & Smith, Alice E., 2006. "Multi-objective optimization using genetic algorithms: A tutorial," Reliability Engineering and System Safety, Elsevier, vol. 91(9), pages 992-1007.

    Citations


    Cited by:

    1. Tang, Daogui & Fang, Yi-Ping & Zio, Enrico, 2023. "Vulnerability analysis of demand-response with renewable energy integration in smart grids to cyber attacks and online detection methods," Reliability Engineering and System Safety, Elsevier, vol. 235(C).
    2. Wang, Lei & Liu, Qing & Dong, Shiyu & Guedes Soares, C., 2022. "Selection of countermeasure portfolio for shipping safety with consideration of investment risk aversion," Reliability Engineering and System Safety, Elsevier, vol. 219(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Holzmann, Tim & Smith, J.C., 2018. "Solving discrete multi-objective optimization problems using modified augmented weighted Tchebychev scalarizations," European Journal of Operational Research, Elsevier, vol. 271(2), pages 436-449.
    2. Hartillo-Hermoso, María Isabel & Jiménez-Tafur, Haydee & Ucha-Enríquez, José María, 2020. "An exact algebraic ϵ-constraint method for bi-objective linear integer programming based on test sets," European Journal of Operational Research, Elsevier, vol. 282(2), pages 453-463.
    3. Alexandros Nikas & Angelos Fountoulakis & Aikaterini Forouli & Haris Doukas, 2022. "A robust augmented ε-constraint method (AUGMECON-R) for finding exact solutions of multi-objective linear programming problems," Operational Research, Springer, vol. 22(2), pages 1291-1332, April.
    4. Rong, Aiying & Figueira, José Rui, 2014. "Dynamic programming algorithms for the bi-objective integer knapsack problem," European Journal of Operational Research, Elsevier, vol. 236(1), pages 85-99.
    5. Bashir Bashir & Özlem Karsu, 2022. "Solution approaches for equitable multiobjective integer programming problems," Annals of Operations Research, Springer, vol. 311(2), pages 967-995, April.
    6. Satya Tamby & Daniel Vanderpooten, 2021. "Enumeration of the Nondominated Set of Multiobjective Discrete Optimization Problems," INFORMS Journal on Computing, INFORMS, vol. 33(1), pages 72-85, January.
    7. Mesquita-Cunha, Mariana & Figueira, José Rui & Barbosa-Póvoa, Ana Paula, 2023. "New ϵ−constraint methods for multi-objective integer linear programming: A Pareto front representation approach," European Journal of Operational Research, Elsevier, vol. 306(1), pages 286-307.
    8. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    9. Di Martinelly, Christine & Meskens, Nadine, 2017. "A bi-objective integrated approach to building surgical teams and nurse schedule rosters to maximise surgical team affinities and minimise nurses' idle time," International Journal of Production Economics, Elsevier, vol. 191(C), pages 323-334.
    10. David Bergman & Merve Bodur & Carlos Cardonha & Andre A. Cire, 2022. "Network Models for Multiobjective Discrete Optimization," INFORMS Journal on Computing, INFORMS, vol. 34(2), pages 990-1005, March.
    11. Hombach, Laura Elisabeth & Walther, Grit, 2015. "Pareto-efficient legal regulation of the (bio)fuel market using a bi-objective optimization model," European Journal of Operational Research, Elsevier, vol. 245(1), pages 286-295.
    12. Özarık, Sami Serkan & Lokman, Banu & Köksalan, Murat, 2020. "Distribution based representative sets for multi-objective integer programs," European Journal of Operational Research, Elsevier, vol. 284(2), pages 632-643.
    13. Hao Yu & Wei Deng Solvang, 2016. "An Improved Multi-Objective Programming with Augmented ε-Constraint Method for Hazardous Waste Location-Routing Problems," IJERPH, MDPI, vol. 13(6), pages 1-21, May.
    14. Lakmali Weerasena & Aniekan Ebiefung & Anthony Skjellum, 2022. "Design of a heuristic algorithm for the generalized multi-objective set covering problem," Computational Optimization and Applications, Springer, vol. 82(3), pages 717-751, July.
    15. Kaiyue Zheng & Laura A. Albert, 2019. "Interdiction models for delaying adversarial attacks against critical information technology infrastructure," Naval Research Logistics (NRL), John Wiley & Sons, vol. 66(5), pages 411-429, August.
    16. Mohammad S. Roni & Sandra D. Eksioglu & Kara G. Cafferty & Jacob J. Jacobson, 2017. "A multi-objective, hub-and-spoke model to design and manage biofuel supply chains," Annals of Operations Research, Springer, vol. 249(1), pages 351-380, February.
    17. Mavrotas, George & Florios, Kostas & Figueira, José Rui, 2015. "An improved version of a core based algorithm for the multi-objective multi-dimensional knapsack problem: A computational study and comparison with meta-heuristics," Applied Mathematics and Computation, Elsevier, vol. 270(C), pages 25-43.
    18. Zahiri, Behzad & Zhuang, Jun & Mohammadi, Mehrdad, 2017. "Toward an integrated sustainable-resilient supply chain: A pharmaceutical case study," Transportation Research Part E: Logistics and Transportation Review, Elsevier, vol. 103(C), pages 109-142.
    19. Justus Bonz, 2021. "Application of a multi-objective multi traveling salesperson problem with time windows," Public Transport, Springer, vol. 13(1), pages 35-57, March.
    20. Florios, Kostas & Mavrotas, George, 2014. "Generation of the exact Pareto set in multi-objective traveling salesman and set covering problems," MPRA Paper 105074, University Library of Munich, Germany.
