Journal
RISK ANALYSIS
Volume 39, Issue 9, Pages 2076-2092Publisher
WILEY
DOI: 10.1111/risa.13269
Keywords
Cybersecurity; infrastructure risk mitigation; robust optimization
Categories
Funding
- Direct For Social, Behav & Economic Scie
- Divn Of Social and Economic Sciences [1422768] Funding Source: National Science Foundation
- National Science Foundation [1422768] Funding Source: Medline
Ask authors/readers for more resources
In recent years, there have been growing concerns regarding risks in federal information technology (IT) supply chains in the United States that protect cyber infrastructure. A critical need faced by decisionmakers is to prioritize investment in security mitigations to maximally reduce risks in IT supply chains. We extend existing stochastic expected budgeted maximum multiple coverage models that identify good solutions on average that may be unacceptable in certain circumstances. We propose three alternative models that consider different robustness methods that hedge against worst-case risks, including models that maximize the worst-case coverage, minimize the worst-case regret, and maximize the average coverage in the (1-alpha) worst cases (conditional value at risk). We illustrate the solutions to the robust methods with a case study and discuss the insights their solutions provide into mitigation selection compared to an expected-value maximizer. Our study provides valuable tools and insights for decisionmakers with different risk attitudes to manage cybersecurity risks under uncertainty.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available