 Information security trade-offs and optimal patching policiesChristos Ioannidis, David Pym and Julian Williams European Journal of Operational Research, 2012, vol. 216, issue 2, 434-444 Abstract: We develop and simulate a basic mathematical model of the costly deployment of software patches in the presence of trade-offs between confidentiality and availability. The model incorporates representations of the key aspects of the system architecture, the managers’ preferences, and the stochastic nature of the threat environment. Using the model, we compute the optimal frequencies for regular and irregular patching, for both networks and clients, for two example types of organization, military and financial. Such examples are characterized by their constellations of parameters. Military organizations, being relatively less cost-sensitive, tend to apply network patches upon their arrival. The relatively high cost of applying irregular client patches leads both types of organization to avoid deployment upon arrival. Keywords: Information security; Optimal policy; Risk reduction; Stochastic processes (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:eee:ejores:v:216:y:2012:i:2:p:434-444 DOI: 10.1016/j.ejor.2011.05.050 Access Statistics for this article European Journal of Operational Research is currently edited by Roman Slowinski, Jesus Artalejo, Jean-Charles. Billaut, Robert Dyson and Lorenzo Peccati More articles in European Journal of Operational Research from Elsevier |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.