Authors: Pasquale Legato; Rina Mary Mazza
Addresses: DIMES University of Calabria, Via P. Bucci 42C, 87036 Rende (CS), Italy ' DIMES University of Calabria, Via P. Bucci 42C, 87036 Rende (CS), Italy
Abstract: In this study we present a simulation optimisation (SO) approach based on direct search methods applied to cyber security. The problem consists of investigating if and when human resources (i.e., analysts) in a company should: 1) work alone; 2) work in consultation with teammates when responding to different attack rates and types targeting a predefined set of company cyber assets. The objective of the study is to evaluate overall attack tolerance with respect to system performance degradation and both resource training and knowledge gain. Numerical examples and experiments related to resource assignment and team formation are presented to show how the SO model can support company managers when grappling with a very common decision: 'make or buy' cyber security knowhow.
Keywords: simulation optimisation; cyber security; team formation; collaboration; team building; attack tolerance; system performance degradation; resource training; knowledge acquisition; resource assignment; make or buy.
International Journal of Simulation and Process Modelling, 2016 Vol.11 No.6, pp.430 - 442
Available online: 14 Mar 2017 *Full-text access for editors Access for subscribers Purchase this article Comment on this article