№2, 2018

A MODEL FOR OPTIMAL PLANNING OF INFORMATION SECURITY INCIDENT RESPONSE OPERATIONS

Yadigar N. Imamverdiyev

A quick and adequate response to information security incidents is critical for ensuring business continuity. Handling such incidents requires dedicated CERT teams, but the cost of maintaining them is a burden for most organizations, and they prefer to use the services of specialized CERT service providers. This study proposes a model for the optimal distribution of information security incident response operations between CERT groups; the model is formulated as an optimization problem, and a differential evolution algorithm is developed to solve it (pp. 69-80).

Keywords: information security, incident response, incident handling, incident management, CERT, CSIRT, scheduling, differential evolution.