Research

Information security trade-offs and optimal patching policies


Reference:

Ioannidis, C., Pym, D. and Williams, J., 2012. Information security trade-offs and optimal patching policies. European Journal of Operational Research, 216 (2), pp. 434-444.

Related documents:

This repository does not currently have the full-text of this item.
You may be able to access a copy if URLs are provided below. (Contact Author)

Official URL:

http://dx.doi.org/10.1016/j.ejor.2011.05.050

Abstract

We develop and simulate a basic mathematical model of the costly deployment of software patches in the presence of trade-offs between confidentiality and availability. The model incorporates representations of the key aspects of the system architecture, the managers' preferences, and the stochastic nature of the threat environment. Using the model, we compute the optimal frequencies for regular and irregular patching, for both networks and clients, for two example types of organization, military and financial. Such examples are characterized by their constellations of parameters. Military organizations, being relatively less cost-sensitive, tend to apply network patches upon their arrival. The relatively high cost of applying irregular client patches leads both types of organization to avoid deployment upon arrival.

Details

Item Type Articles
CreatorsIoannidis, C., Pym, D. and Williams, J.
DOI10.1016/j.ejor.2011.05.050
DepartmentsFaculty of Humanities & Social Sciences > Economics
RefereedYes
StatusPublished
ID Code26165

Export

Actions (login required)

View Item