SciELO - Scientific Electronic Library Online

 
RISTI - Revista Ibérica de Sistemas e Tecnologias de Informação

Print version ISSN 1646-9895

Abstract

DIEGUEZ, Mauricio and CARES, Carlos. Comparing Two Quantitative Approaches to Select Information Security Controls. RISTI [online]. 2019, n.32, pp.113-128. ISSN 1646-9895. https://doi.org/10.17013/risti.32.113-128.

Providing systematic processes and tools for deciding on security investments under budget constraints is of paramount importance to ensure that such decisions are soundly made. We present an answer set programming (ASP) approach to solve this problem. Our proposal is then compared against a traditional operations research technique, linear programming (LP). We illustrate the modeling phase and the computational performance of both solutions. The ASP-based model shows solving times that grow exponentially as the number of controls to be decided on increases. The LP-based model, on the other hand, shows no significant variation in its solving times. However, the problem is easier to model in ASP. Our proposal therefore has advantages for modeling and solving specific problems that require a rapid response and do not involve many controls.

Keywords: Answer set programming; linear programming; optimization; information security controls; information security management systems.


Creative Commons License All the contents of this journal, except where otherwise noted, is licensed under a Creative Commons Attribution License