selection of optimal countermeasure portfolio in it security planning
DESCRIPTION
Selection of optimal countermeasure portfolio in IT security planning. Author : Tadeusz Sawik Decision Support Systems Volume 55, Issue 1, April 2013, Pages 156–164 Adviser : Frank, Yeong -Sung Lin Presenter: Yi- Cin Lin. Agenda. Introduction Problem description Model - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/1.jpg)
Selection of optimal countermeasure portfolio in
IT security planning
Author: Tadeusz SawikDecision Support Systems Volume 55, Issue 1, April 2013, Pages 156–164
Adviser: Frank, Yeong-Sung LinPresenter: Yi-Cin Lin
![Page 2: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/2.jpg)
Introduction
Problem description
ModelSingle-objective approachBi-objective approach
Computational examples
Conclusion
Agenda
![Page 3: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/3.jpg)
Introduction
Problem description
ModelSingle-objective approachBi-objective approach
Computational examples
Conclusion
Agenda
![Page 4: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/4.jpg)
The various actions developed to prevent intrusions or to mitigate the impact of successful breaches are called controls or countermeasures.
Introduction
Countermeasures
Limit physical access
Block access or protect privacy over networks
Recovery
![Page 5: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/5.jpg)
In practice, even the most sophisticated countermeasures cannot be expected to completely block attacks.
This paper deals with the optimal selection of countermeasures in IT security planning to prevent or mitigate cyber-threats and a mixed integer programming approach is proposed for the decision making.
Introduction
![Page 6: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/6.jpg)
The problem is formulated as a single- or bi-objective mixed integer program
Introduction
Single-objective
Risk-neutral Minimize expected cost
Risk-averse Minimization of expected worst-
case cost
![Page 7: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/7.jpg)
The bi-objective trade-off model provides the decision maker with a simple tool for balancing expected and worst-case losses and for shaping of the resulting cost distribution through the selection of optimal subset of countermeasures.
Introduction
![Page 8: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/8.jpg)
Introduction
Problem description
ModelsSingle-objective approachBi-objective approach
Computational examples
Conclusion
Agenda
![Page 9: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/9.jpg)
The blocking effectiveness of each countermeasure is assumed to be independent whether or not it is used alone or together with other countermeasures.
Problem description
![Page 10: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/10.jpg)
Notation
Total of potential scenarios.
Problem description
![Page 11: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/11.jpg)
Denote by the probability of threat .
Notation
The probability of attack scenario inthe presence of independent threat events is
Problem description
![Page 12: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/12.jpg)
Notation
indicates that countermeasure
totally prevents successful attacks of threat .
denotes that countermeasure is totally incapable of mitigating threat .
Problem description
![Page 13: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/13.jpg)
The proportion of successful attacks of threats type that survive all
countermeasures in the subset of selected countermeasures is
The expected proportion of successful attacks of threat type for the subset of selected countermeasures is
Problem description
![Page 14: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/14.jpg)
Notation
The subset of selected countermeasures must satisfy the available budget
constraint
Problem description
![Page 15: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/15.jpg)
The decision maker needs to decide which countermeasures to select to minimize losses from surviving occurrences of threats under limited budget for countermeasures implementation.
Problem description
![Page 16: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/16.jpg)
Introduction
Problem description
ModelSingle-objective approachBi-objective approach
Computational examples
Conclusion
Agenda
![Page 17: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/17.jpg)
In a risk-neutral operating condition the overall quality of the selected countermeasure portfolio can be measured by the expected cost of losses from successful attacks.
Model
Single-objective
Risk-neutral Minimize expected cost
SP_E SP_E+B
Risk-averse Minimization of expected worst-
case cost SP_CV
SP_CV+B
![Page 18: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/18.jpg)
Notation
Countermeasure is selected for implementation if , otherwise .
Minimization of expected cost- NSP_E
![Page 19: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/19.jpg)
Countermeasure is selected at exactly one level i.e.,
Notation
Minimization of expected cost- NSP_E
![Page 20: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/20.jpg)
The proportion of successful attacks of threats type that survive all selected countermeasures is
As a result, the expected cost of losses from successful attacks is given by a nonlinear formula
Minimization of expected cost- NSP_E
![Page 21: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/21.jpg)
Model NSP_E: Minimize Expected Cost (1)
Subject to1. Countermeasure selection
constraints
Minimization of expected cost- NSP_E
![Page 22: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/22.jpg)
Subject to 2.Integrality conditions:
The nonlinear integer program NSP_E is computationally hard for solving, even for small size instances of the problem.
Minimization of expected cost- NSP_E
Computing the nonlinear objective
function
Recursive procedure by using a set of linear
equations
![Page 23: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/23.jpg)
The nonlinear objective function (1) can be replaced with a formula
Minimization of expected cost- SP_E
![Page 24: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/24.jpg)
In order to compute for each threat , a recursive procedure is proposed below.
Minimization of expected cost- SP_E
![Page 25: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/25.jpg)
For each threat and countermeasure
can be calculated recursively as follows.
The initial condition is
The remaining terms
Minimization of expected cost- SP_E
![Page 26: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/26.jpg)
In order to eliminate nonlinear terms in the right-hand side of Eq. (10), define an auxiliary variable
Minimization of expected cost- SP_E
![Page 27: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/27.jpg)
and, in particular, for
Minimization of expected cost- SP_E
![Page 28: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/28.jpg)
Minimization of expected cost- SP_E
![Page 29: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/29.jpg)
Minimization of expected cost- SP_E
![Page 30: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/30.jpg)
Comparison of Eqs. (12) and (15) produces to the following relation
Minimization of expected cost- SP_E
![Page 31: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/31.jpg)
Minimization of expected cost- SP_E
![Page 32: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/32.jpg)
The above procedure eliminates all variables for each .
Summarizing, the proportion of successful attacks = in For each threat can be calculated recursively, using Eqs. (17), (16) and (13) with replaced by .
Minimization of expected cost- SP_E
![Page 33: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/33.jpg)
Model SP_E:Minimize Expected Cost (5)
subject to 1. Countermeasure selection
constraints Eqs. (2) and (3).
Minimization of expected cost- SP_E
![Page 34: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/34.jpg)
Subject to 2. Surviving threats balance
constraints
Minimization of expected cost- SP_E
(17)
(16)
(15)
![Page 35: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/35.jpg)
Subject to 3. Non-negativity and integrality
conditions:
Minimization of expected cost- SP_E
(4)
![Page 36: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/36.jpg)
Selection of optimal countermeasure portfolio in
IT security planningAdviser: Frank, Yeong-Sung Lin
Presenter: Yi-Cin Lin
![Page 37: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/37.jpg)
In a risk-neutral operating condition the overall quality of the selected countermeasure portfolio can be measured by the expected cost of losses from successful attacks.
Model
Single-objective
Risk-neutral Minimize expected cost
SP_E SP_E+B
Risk-averse Minimization of expected worst-
case cost SP_CV
SP_CV+B
![Page 38: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/38.jpg)
![Page 39: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/39.jpg)
Notation
Model SP_CV:Minimize
Minimize conditional value-at-risk
![Page 40: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/40.jpg)
Subject to1. Countermeasure selection constraints: Eqs. (2)–(3).2. Surviving threats balance constraints: Eqs. (18)–(21).3. Risk constraints:
4. Non-negativity and integrality conditions: Eqs. (22)–(24)
Minimize conditional value-at-risk
![Page 41: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/41.jpg)
Models SP_E and SP_CV can be enhanced for simultaneous optimization of the expenditures on countermeasures and the cost of losses from successful attacks.
Removed constraints (3)
Minimize conditional value-at-risk
![Page 42: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/42.jpg)
Model SP_E+BMinimize Required Budget and Expected Cost
subject to Eqs. (2), (18)–(24) and (28)
Minimize conditional value-at-risk
![Page 43: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/43.jpg)
Model SP_CV+BMinimize Required Budget and CVaR
subject to Eqs. (2) and (18)–(28)
Minimize conditional value-at-risk
![Page 44: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/44.jpg)
Introduction
Problem description
ModelSingle-objective approachBi-objective approach
Computational examples
Conclusion
Agenda
![Page 45: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/45.jpg)
In the single objective approach the countermeasure portfolio is selected by minimizing either the expected loss (plus the required budget) or the expected worst-case loss (plus the required budget).
Bi-objective approach
![Page 46: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/46.jpg)
Model WSPMinimize
Subject to
Eqs. (2), (5) and (18)–(28)
Bi-objective approach
![Page 47: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/47.jpg)
Decision maker controls Risk of high losses by choosing the
confidence level αtrade-off between expected and worst-
case losses by choosing the trade-off parameter λ.
Bi-objective approach
![Page 48: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/48.jpg)
Introduction
Problem description
ModelSingle-objective approachBi-objective approach
Computational examples
Conclusion
Agenda
![Page 49: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/49.jpg)
The data set is similar to the one presented in [20], which was based on the threat set reported on IT security forum EndpointSecurity.org
Computational examples
![Page 50: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/50.jpg)
= , the number of threats and the number of countermeasures, were equal to 10, and the corresponding number
of potential attack scenarios, was equal to 1024.
Computational examples
![Page 51: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/51.jpg)
Computational examples
![Page 52: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/52.jpg)
Computational examples
![Page 53: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/53.jpg)
Computational examples
![Page 54: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/54.jpg)
Computational examples
![Page 55: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/55.jpg)
Computational examples
![Page 56: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/56.jpg)
Computational examples
![Page 57: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/57.jpg)
Computational examples
![Page 58: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/58.jpg)
For the bi-objective approach, the subsets of nondominated solutions were computed by parameterization on λ∈{0.01,0.10,0.25,0.50,0.75,0.90,0.99} the weighted-sum program WSP.
Computational examples
![Page 59: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/59.jpg)
Computational examples
![Page 60: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/60.jpg)
Computational examples
![Page 61: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/61.jpg)
The computational experiments prove that for a limited number of attack scenarios considered, the optimal risk-averse portfolio can be found within CPU seconds, using the Gurobi solver for mixed integer programming.
Conclusion
![Page 62: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/62.jpg)
A critical issue that needs to be considered before any practical application of the proposed models is attempted, however, is the estimation of probabilities and the resulting losses associated with each type of threats and countermeasures.
Conclusion
![Page 63: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/63.jpg)
In practice, threat likelihood estimates are provided by security experts (e.g., [24]) and complete distributional information is not available.
However, the proposed scenario-based approach does not require such a complete information to be available and only assumes independence of differentthreat events.
Conclusion
![Page 64: Selection of optimal countermeasure portfolio in IT security planning](https://reader035.vdocuments.us/reader035/viewer/2022081512/568162bc550346895dd34755/html5/thumbnails/64.jpg)
Thanks for your listening!