Optimization of Information Security Investment Considering the Level of Information Security Countermeasure: Genetic Algorithm Approach

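  • 임정현 (Department of Management Information Systems, Chungbuk National University) ;
  • 김태성 (Department of Management Information Systems, Chungbuk National University)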
  • Received : 2019.11.04
  • Accepted : 2019.12.16
  • Published : 2019.12.31

Abstract

With the emergence of new ICT technologies, information security threats are becoming more advanced, intelligent, and diverse. Even though awareness of the importance of information security is increasing, information security budgets remain insufficient because the effectiveness of information security investment is not measured. It is therefore necessary to optimize information security investment for each business environment, so as to minimize the cost of operating information security countermeasures and mitigate the damage caused by information security breaches. In this paper, we use genetic algorithms to propose an investment optimization model for information security countermeasures under a limited budget. The optimal information security countermeasures were derived based on the actual information security investment status of SMEs. The optimal solution supports the decision on the appropriate investment level for each information security countermeasure.
