Information security trade-offs and optimal patching policies

Christos Ioannidis; David Pym; Julian Williams

doi:10.1016/j.ejor.2011.05.050

Information security trade-offs and optimal patching policies

Christos Ioannidis, David Pym, Julian Williams

Department of Economics

Research output: Contribution to journal › Article › peer-review

35 Citations (SciVal)

Abstract

We develop and simulate a basic mathematical model of the costly deployment of software patches in the presence of trade-offs between confidentiality and availability. The model incorporates representations of the key aspects of the system architecture, the managers' preferences, and the stochastic nature of the threat environment. Using the model, we compute the optimal frequencies for regular and irregular patching, for both networks and clients, for two example types of organization, military and financial. Such examples are characterized by their constellations of parameters. Military organizations, being relatively less cost-sensitive, tend to apply network patches upon their arrival. The relatively high cost of applying irregular client patches leads both types of organization to avoid deployment upon arrival.

Original language	English
Pages (from-to)	434-444
Number of pages	11
Journal	European Journal of Operational Research
Volume	216
Issue number	2
Early online date	6 Sept 2011
DOIs	https://doi.org/10.1016/j.ejor.2011.05.050
Publication status	Published - 16 Jan 2012

Access to Document

10.1016/j.ejor.2011.05.050

Cite this

@article{f8d4e60104c445b19d4e0ddd6cc0e7f7,

title = "Information security trade-offs and optimal patching policies",

abstract = "We develop and simulate a basic mathematical model of the costly deployment of software patches in the presence of trade-offs between confidentiality and availability. The model incorporates representations of the key aspects of the system architecture, the managers' preferences, and the stochastic nature of the threat environment. Using the model, we compute the optimal frequencies for regular and irregular patching, for both networks and clients, for two example types of organization, military and financial. Such examples are characterized by their constellations of parameters. Military organizations, being relatively less cost-sensitive, tend to apply network patches upon their arrival. The relatively high cost of applying irregular client patches leads both types of organization to avoid deployment upon arrival.",

author = "Christos Ioannidis and David Pym and Julian Williams",

year = "2012",

month = jan,

day = "16",

doi = "10.1016/j.ejor.2011.05.050",

language = "English",

volume = "216",

pages = "434--444",

journal = "European Journal of Operational Research",

issn = "0377-2217",

publisher = "Elsevier B.V.",

number = "2",

}

TY - JOUR

T1 - Information security trade-offs and optimal patching policies

AU - Ioannidis, Christos

AU - Pym, David

AU - Williams, Julian

PY - 2012/1/16

Y1 - 2012/1/16

N2 - We develop and simulate a basic mathematical model of the costly deployment of software patches in the presence of trade-offs between confidentiality and availability. The model incorporates representations of the key aspects of the system architecture, the managers' preferences, and the stochastic nature of the threat environment. Using the model, we compute the optimal frequencies for regular and irregular patching, for both networks and clients, for two example types of organization, military and financial. Such examples are characterized by their constellations of parameters. Military organizations, being relatively less cost-sensitive, tend to apply network patches upon their arrival. The relatively high cost of applying irregular client patches leads both types of organization to avoid deployment upon arrival.

AB - We develop and simulate a basic mathematical model of the costly deployment of software patches in the presence of trade-offs between confidentiality and availability. The model incorporates representations of the key aspects of the system architecture, the managers' preferences, and the stochastic nature of the threat environment. Using the model, we compute the optimal frequencies for regular and irregular patching, for both networks and clients, for two example types of organization, military and financial. Such examples are characterized by their constellations of parameters. Military organizations, being relatively less cost-sensitive, tend to apply network patches upon their arrival. The relatively high cost of applying irregular client patches leads both types of organization to avoid deployment upon arrival.

UR - http://www.scopus.com/inward/record.url?scp=84857187741&partnerID=8YFLogxK

UR - http://dx.doi.org/10.1016/j.ejor.2011.05.050

U2 - 10.1016/j.ejor.2011.05.050

DO - 10.1016/j.ejor.2011.05.050

M3 - Article

SN - 0377-2217

VL - 216

SP - 434

EP - 444

JO - European Journal of Operational Research

JF - European Journal of Operational Research

IS - 2

ER -

Information security trade-offs and optimal patching policies

Abstract

Access to Document

Other files and links

Fingerprint

Cite this