A novel risk assessment and optimisation model for a multi-objective network security countermeasure selection problem

Budget cuts and the high demand in strengthening the security of computer systems and services constitute a challenge. Poor system knowledge and inappropriate selection of security measures may lead to unexpected financial and data losses. This paper proposes a novel Risk Assessment and Optimisation Model (RAOM) to solve a security countermeasure selection problem, where variables such as financial cost and risk may affect a final decision. A Multi-Objective Tabu Search (MOTS) algorithm has been developed to construct an efficient frontier of non-dominated solutions, which can satisfy organisational security needs in a cost-effective manner.

► We develop a model to support financial investment decisions. ► We propose a multi-objective countermeasure selection problem. ► We find trade-offs between cost and risk. ► A MOTS method has been developed to find near optimal solutions. ► Experiments demonstrate good performance in terms of quality of solutions.