Decision support for systems security investment

Yolanta Beresnevichiene, David J Pym, Simon Shiu

Research output: Chapter in Book/Report/Conference proceeding - Published conference contribution

30 Citations (Scopus)


Information security managers with fixed budgets must invest in security measures to mitigate increasingly severe threats whilst maintaining the alignment of their systems with their organization's business objectives. The state of the art lacks a systematic methodology to support security investment decision-making. We describe a methodology that integrates methods from multi-attribute utility evaluation and mathematical systems modelling. We illustrate our approach using a case study of a large organization divesting itself of its IT support services, delivering useful results to the organization's security managers. Specifically, by integrating a mathematical model of system behaviour with an account of the utility of available security investment strategies, the case study has enabled them to understand better the trade-offs between the security performance and the operational consequences of their choices.
Original language: English
Title of host publication: Network Operations and Management Symposium Workshops (NOMS Wksps), 2010 IEEE/IFIP
Place of Publication: Los Alamitos, CA, USA
Publisher: IEEE Press
Number of pages: 8
ISBN (Print): 978-1424460373
Publication status: Published - 17 Jun 2010
Event: 5th IFIP/IEEE International Workshop on Business-driven IT Management (BDIM 2010) - Osaka, Japan
Duration: 19 Apr 2010 - 19 Apr 2010


Conference: 5th IFIP/IEEE International Workshop on Business-driven IT Management (BDIM 2010)


  • information security
  • decision support
  • economics
  • risk management
  • systems modelling
  • business data processing

