Information security trade-offs and optimal patching policies

Abstract

We develop and simulate a basic mathematical model of the costly deployment of software patches in the presence of trade-offs between confidentiality and availability. The model incorporates representations of the key aspects of the system architecture, the managers’ preferences, and the stochastic nature of the threat environment. Using the model, we compute the optimal frequencies for regular and irregular patching, for both networks and clients, for two example types of organization, military and financial. Such examples are characterized by their constellations of parameters. Military organizations, being relatively less cost-sensitive, tend to apply network patches upon their arrival. The relatively high cost of applying irregular client patches leads both types of organization to avoid deployment upon arrival.

Publication DOI: https://doi.org/10.1016/j.ejor.2011.05.050
Divisions: College of Business and Social Sciences > Aston Business School
Additional Information: © 2012, Elsevier. Licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International http://creativecommons.org/licenses/by-nc-nd/4.0/
Uncontrolled Keywords: information security, optimal policy, risk reduction, stochastic processes
Publication ISSN: 1872-6860
Last Modified: 12 Feb 2024 08:12
Date Deposited: 16 Mar 2017 15:15
Full Text Link: http://aura.abd ... andle/2164/2151
Related URLs: https://www.sci ... 498X?via%3Dihub (Publisher URL)
PURE Output Type: Article
Published Date: 2012-01-16
Published Online Date: 2011-06-20
Accepted Date: 2011-05-26
Submitted Date: 2010-04-15
Authors: Ioannidis, Christos; Pym, David; Williams, Julian
