A Hybrid Tabu Genetic Metaheuristic for Selection of Security Controls

A Hybrid Tabu Genetic Metaheuristic for Selection of Security Controls

Sarala Ramkumar (Pondicherry Engineering College, Pondicherry, India), Zayaraz Godandapani (Pondicherry Engineering College, Pondicherry, India) and Vijayalakshmi Vivekanandan (Pondicherry Engineering College, Pondicherry, India)
Copyright: © 2019 |Pages: 22
DOI: 10.4018/IJAMC.2019100103

Abstract

In the modern world, globalization has made way for easy access to information systems for running businesses effectively. The misuse of information systems may lead to loss of productivity, revenue, and sometimes to legal liabilities. Therefore, information security is a major concern for running the business successfully. It is the responsibility of the information security personnel of an organization to develop strategies, and identify the suitable controls to mitigate the risks to which the organization is exposed to. Selection of a suitable set of security controls depends upon, the risks to be addressed, the impact of the risks in terms of revenue, and the cost incurred in implementing the selected controls. To assist in the selection of optimal security controls a hybrid intelligent approach combining the tabu search technique and genetic algorithm has been proposed. The obtained results prove that the proposed approach provides better results in the selection of optimal counter measures.
Article Preview
Top

Determining the set of security controls that are appropriate and cost effective for a given situation is a complex task as it involves, matching the threats to vulnerabilities, identifying the frequency of the attacks, and mapping between the vulnerabilities to the security controls. The techniques that have been proposed in the literature for solving this multi-objective problem can be classified into defence based approaches and optimization-based approaches. The defence based approaches address from the attacker perspective and use attack countermeasure trees and scenario modelling to decide on appropriate security controls. The optimization-based approaches however focus on the objectives such as cost of security controls, vulnerabilities addressed and residual risks. Economic indicators like return on investment, net present value are also used to find the suitable security controls.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 11: 4 Issues (2020): 3 Released, 1 Forthcoming
Volume 10: 4 Issues (2019)
Volume 9: 4 Issues (2018)
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing