Workshop-based Multiobjective Security Safeguard Selection

T. Neubauer, C. Stummer, E. Weippl:
"Workshop-based Multiobjective Security Safeguard Selection";
Talk: First International Conference on Availability, Reliability and Security (ARES'06), Vienna; 20.04.2006; in: "Proceedings of the First International Conference on Availability, Reliability and Security", IEEE Computer Society, (2006), pp. 366 - 373.

Companies spend considerable amounts of resources on minimizing security breaches but often neglect efficient security measures and/or are not aware of whether their investments are effective. While security safeguards are traditionally evaluated through a single (aggregated) criterion such as the return on investment, this may no longer suffice, as economic and legal requirements force top management to pay more attention to security issues. Thus, there is a demand for decision support tools that assist decision makers in allocating security safeguards with respect to multiple objectives of the involved stakeholders. This paper proposes a tool called MOS3T (Multi-Objective Security Safeguard Selection Tool) that integrates ideas from multiobjective decision making in a workshop environment. The stepwise procedure for the assessment and interactive selection of sets of security safeguards improves security awareness of top management while minimizing the resources required for implementing a proper security environment that meets a corporation's needs.