Multi-objective decision support for IT security control selection

Autor(en)
Elmar Kiesling, Andreas Ekelhart, Bernhard Grill, Christine Strauss, Christian Stummer
Abstrakt

Identifying an optimal sets of security controls to protect complex information
systems is a challenging problem. The aim of the research project MOSES3 is to develop and implement a framework that supports decision-makers in this task. Our approach rests upon comprehensive modeling of security knowledge, dynamic attack tree generation techniques, discrete event simulation of sophisticated attacks that exploit emergent weaknesses, and multi-objective optimization of security
control portfolios. In our talk we outline the overall framework and present preliminary results.

Organisation(en)
Institut für Rechnungswesen, Innovation und Strategie
Externe Organisation(en)
Technische Universität Wien, Secure Business Austria (SBA), Universität Bielefeld
Seiten
253
Publikationsdatum
2013
ÖFOS 2012
102016 IT-Sicherheit, 107007 Risikoforschung, 101015 Operations Research
Schlagwörter
Link zum Portal
https://ucrisportal.univie.ac.at/de/publications/multiobjective-decision-support-for-it-security-control-selection(1018ce25-bc38-4c79-a335-adf2613a0bf4).html