IDEAS home Printed from https://ideas.repec.org/a/spr/infsem/vyid10.1007_s10257-020-00470-8.html
   My bibliography  Save this article

Mapping the variations for implementing information security controls to their operational research solutions

Author

Listed:
  • Mauricio Diéguez

    (Universidad de La Frontera)

  • Jaime Bustos

    (Universidad de La Frontera)

  • Carlos Cares

    (Universidad de La Frontera)

Abstract

Information Security Management is currently guided by process-based standards. Achieving one or some of these standards means deploying their corresponding set of security controls under different constraints on resources, budgets, information assets to protect, and risks to avoid or mitigate, among other factors. This constitutes a complex combinatorial problem in the decision-making process. To select, schedule and deploy these security controls, qualitative approaches have mainly been proposed. Quantitative approaches to information security management are just emerging, and they have been applied only to simplified theoretical cases. The purpose of this paper is to support the notion that the problems of implementing information security controls, in the sense of being put into effect, can be formulated as a family of existing and already solved optimization problems. The main result is a mapping from a set of seven information security management types of problems to their corresponding operational research formulations. A solved case from a governmental institution illustrates the use of the proposed map.

Suggested Citation

  • Mauricio Diéguez & Jaime Bustos & Carlos Cares, 0. "Mapping the variations for implementing information security controls to their operational research solutions," Information Systems and e-Business Management, Springer, vol. 0, pages 1-30.
  • Handle: RePEc:spr:infsem:v::y::i::d:10.1007_s10257-020-00470-8
    DOI: 10.1007/s10257-020-00470-8
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10257-020-00470-8
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.

    File URL: https://libkey.io/10.1007/s10257-020-00470-8?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Hoogeveen, Han, 2005. "Multicriteria scheduling," European Journal of Operational Research, Elsevier, vol. 167(3), pages 592-623, December.
    2. Wascher, Gerhard & Hau[ss]ner, Heike & Schumann, Holger, 2007. "An improved typology of cutting and packing problems," European Journal of Operational Research, Elsevier, vol. 183(3), pages 1109-1130, December.
    3. Yuri Mauergauz, 2016. "Advanced Planning and Scheduling in Manufacturing and Supply Chains," Springer Books, Springer, number 978-3-319-27523-9, January.
    4. Cheng, T. C. E. & Ng, C. T. & Yuan, J. J. & Liu, Z. H., 2005. "Single machine scheduling to minimize total weighted tardiness," European Journal of Operational Research, Elsevier, vol. 165(2), pages 423-443, September.
    5. R. Bonazzi & L. Hussami & Y. Pigneur, 2009. "Compliance Management is Becoming a Major Issue in IS Design," Springer Books, in: Alessandro D'Atri & Domenico Saccà (ed.), Information Systems: People, Organizations, Institutions, and Technologies, pages 391-398, Springer.
    6. Edis, Emrah B. & Oguz, Ceyda & Ozkarahan, Irem, 2013. "Parallel machine scheduling with additional resources: Notation, classification, models and solution methods," European Journal of Operational Research, Elsevier, vol. 230(3), pages 449-463.
    7. Weglarz, Jan & Józefowska, Joanna & Mika, Marek & Waligóra, Grzegorz, 2011. "Project scheduling with finite or infinite number of activity processing modes - A survey," European Journal of Operational Research, Elsevier, vol. 208(3), pages 177-205, February.
    8. You, Byungjun & Yamada, Takeo, 2007. "A pegging approach to the precedence-constrained knapsack problem," European Journal of Operational Research, Elsevier, vol. 183(2), pages 618-632, December.
    9. Samavati, Mehran & Essam, Daryl & Nehring, Micah & Sarker, Ruhul, 2017. "A methodology for the large-scale multi-period precedence-constrained knapsack problem: an application in the mining industry," International Journal of Production Economics, Elsevier, vol. 193(C), pages 12-20.
    10. Chen, Jiaqiong & Askin, Ronald G., 2009. "Project selection, scheduling and resource allocation with time dependent returns," European Journal of Operational Research, Elsevier, vol. 193(1), pages 23-34, February.
    11. Allahverdi, Ali & Ng, C.T. & Cheng, T.C.E. & Kovalyov, Mikhail Y., 2008. "A survey of scheduling problems with setup times or costs," European Journal of Operational Research, Elsevier, vol. 187(3), pages 985-1032, June.
    12. Koulamas, Christos, 2010. "The single-machine total tardiness scheduling problem: Review and extensions," European Journal of Operational Research, Elsevier, vol. 202(1), pages 1-7, April.
    13. Florios, Kostas & Mavrotas, George & Diakoulaki, Danae, 2010. "Solving multiobjective, multiconstraint knapsack problems using mathematical programming and evolutionary algorithms," European Journal of Operational Research, Elsevier, vol. 203(1), pages 14-21, May.
    14. Yu-Ping Ou Yang & How-Ming Shieh & Jun-Der Leu & Gwo-Hshiung Tzeng, 2009. "A Vikor-Based Multiple Criteria Decision Method For Improving Information Security Risk," International Journal of Information Technology & Decision Making (IJITDM), World Scientific Publishing Co. Pte. Ltd., vol. 8(02), pages 267-287.
    15. Herroelen, Willy & Leus, Roel, 2005. "Project scheduling under uncertainty: Survey and research potentials," European Journal of Operational Research, Elsevier, vol. 165(2), pages 289-306, September.
    16. S. I. Gass & Thomas L. Saaty, 1955. "Parametric Objective Function (Part 2)---Generalization," Operations Research, INFORMS, vol. 3(4), pages 395-401, November.
    17. Hamid Khajouei & Mehdi Kazemi & Seyed Hamed Moosavirad, 2017. "Ranking information security controls by using fuzzy analytic hierarchy process," Information Systems and e-Business Management, Springer, vol. 15(1), pages 1-19, February.
    18. Hartmann, Sönke & Briskorn, Dirk, 2010. "A survey of variants and extensions of the resource-constrained project scheduling problem," European Journal of Operational Research, Elsevier, vol. 207(1), pages 1-14, November.
    19. Rainer Kolisch & Konrad Meyer, 2006. "Selection and Scheduling of Pharmaceutical Research Projects," International Series in Operations Research & Management Science, in: Joanna Józefowska & Jan Weglarz (ed.), Perspectives in Modern Project Scheduling, chapter 0, pages 321-344, Springer.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Mauricio Diéguez & Jaime Bustos & Carlos Cares, 2020. "Mapping the variations for implementing information security controls to their operational research solutions," Information Systems and e-Business Management, Springer, vol. 18(2), pages 157-186, June.
    2. Park, Jongyoon & Han, Jinil & Lee, Kyungsik, 2022. "Integer Optimization Model and Algorithm for the Stem Cell Culturing Problem," Omega, Elsevier, vol. 108(C).
    3. Xiong, Jian & Leus, Roel & Yang, Zhenyu & Abbass, Hussein A., 2016. "Evolutionary multi-objective resource allocation and scheduling in the Chinese navigation satellite system project," European Journal of Operational Research, Elsevier, vol. 251(2), pages 662-675.
    4. Roland Braune & Karl F. Doerner, 2017. "Real-world flexible resource profile scheduling with multiple criteria: learning scalarization functions for MIP and heuristic approaches," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 68(8), pages 952-972, August.
    5. Hartmann, Sönke & Briskorn, Dirk, 2010. "A survey of variants and extensions of the resource-constrained project scheduling problem," European Journal of Operational Research, Elsevier, vol. 207(1), pages 1-14, November.
    6. Hua Wang & Jon Dieringer & Steve Guntz & Shankarraman Vaidyaraman & Shekhar Viswanath & Nikolaos H. Lappas & Sal Garcia-Munoz & Chrysanthos E. Gounaris, 2021. "Portfolio-Wide Optimization of Pharmaceutical R&D Activities Using Mathematical Programming," Interfaces, INFORMS, vol. 51(4), pages 262-279, July.
    7. Gómez Sánchez, Mariam & Lalla-Ruiz, Eduardo & Fernández Gil, Alejandro & Castro, Carlos & Voß, Stefan, 2023. "Resource-constrained multi-project scheduling problem: A survey," European Journal of Operational Research, Elsevier, vol. 309(3), pages 958-976.
    8. Christian Weckenborg & Karsten Kieckhäfer & Thomas S. Spengler & Patricia Bernstein, 2020. "The Volkswagen Pre-Production Center Applies Operations Research to Optimize Capacity Scheduling," Interfaces, INFORMS, vol. 50(2), pages 119-136, March.
    9. Hartmann, Sönke & Briskorn, Dirk, 2008. "A survey of variants and extensions of the resource-constrained project scheduling problem," Working Paper Series 02/2008, Hamburg School of Business Administration (HSBA).
    10. Hartmann, Sönke & Briskorn, Dirk, 2022. "An updated survey of variants and extensions of the resource-constrained project scheduling problem," European Journal of Operational Research, Elsevier, vol. 297(1), pages 1-14.
    11. Estévez-Fernández, Arantza, 2012. "A game theoretical approach to sharing penalties and rewards in projects," European Journal of Operational Research, Elsevier, vol. 216(3), pages 647-657.
    12. Servranckx, Tom & Vanhoucke, Mario, 2019. "Strategies for project scheduling with alternative subgraphs under uncertainty: similar and dissimilar sets of schedules," European Journal of Operational Research, Elsevier, vol. 279(1), pages 38-53.
    13. Slotnick, Susan A., 2011. "Order acceptance and scheduling: A taxonomy and review," European Journal of Operational Research, Elsevier, vol. 212(1), pages 1-11, July.
    14. Ferreira, Cristiane & Figueira, Gonçalo & Amorim, Pedro, 2021. "Scheduling Human-Robot Teams in collaborative working cells," International Journal of Production Economics, Elsevier, vol. 235(C).
    15. Jeunet, Jully & Bou Orm, Mayassa, 2020. "Optimizing temporary work and overtime in the Time Cost Quality Trade-off Problem," European Journal of Operational Research, Elsevier, vol. 284(2), pages 743-761.
    16. Yepes-Borrero, Juan C. & Perea, Federico & Ruiz, Rubén & Villa, Fulgencia, 2021. "Bi-objective parallel machine scheduling with additional resources during setups," European Journal of Operational Research, Elsevier, vol. 292(2), pages 443-455.
    17. Berghman, Lotte & Leus, Roel, 2015. "Practical solutions for a dock assignment problem with trailer transportation," European Journal of Operational Research, Elsevier, vol. 246(3), pages 787-799.
    18. Mick Van Den Eeckhout & Broos Maenhout & Mario Vanhoucke, 2020. "Mode generation rules to define activity flexibility for the integrated project staffing problem with discrete time/resource trade-offs," Annals of Operations Research, Springer, vol. 292(1), pages 133-160, September.
    19. Grzegorz Waligóra, 2016. "Comparative Analysis of Some Metaheuristics for Discrete-Continuous Project Scheduling with Activities of Identical Processing Rates," Asia-Pacific Journal of Operational Research (APJOR), World Scientific Publishing Co. Pte. Ltd., vol. 33(03), pages 1-32, June.
    20. Snauwaert, Jakob & Vanhoucke, Mario, 2023. "A classification and new benchmark instances for the multi-skilled resource-constrained project scheduling problem," European Journal of Operational Research, Elsevier, vol. 307(1), pages 1-19.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infsem:v::y::i::d:10.1007_s10257-020-00470-8. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.