A Robust Approach for Mitigating Risks in Cyber Supply Chains

AbstractIn recent years, there have been growing concerns regarding risks in federal information technology (IT) supply chains in the United States that protect cyber infrastructure. A critical need faced by decisionmakers is to prioritize investment in security mitigations to maximally reduce risks in IT supply chains. We extend existing stochastic expected budgeted maximum multiple coverage models that identify “good” solutions on average that may be unacceptable in certain circumstances. We propose three alternative models that consider different robustness methods that hedge against worst‐case risks, including models that maximize the worst‐case coverage, minimize the worst‐case regret, and ma ximize the average coverage in the (1−α) worst cases (conditional value at risk). We illustrate the solutions to the robust methods with a case study and discuss the insights their solutions provide into mitigation selection compared to an expected‐value maximizer. Our study provides valuable t ools and insights for decisionmakers with different risk attitudes to manage cybersecurity risks under uncertainty.

https://www.onlinelibrary.wiley.com/doi/abs/10.1111/risa.13269?af=R

Source: Risk Analysis - January 18, 2019 Category: International Medicine & Public Health Authors: Kaiyue Zheng, Laura A. Albert Tags: Original Research Article Source Type: research

More News: Information Technology | Study | USA Health