A very important issue in IT Security or Cyber Security management is to provide cost-efficient security measures to achieve needed or required security goals (mainly CIA – Confidentiality, Integrity, Availability levels). For providing an optimal solution an optimization task with two goals have to be solved – to minimize needed resources and to maximize achievable security. The computational complexity of the optimization task is very high. In previous work a matrix based security model and an optimization framework based on the Pareto optimality and the discrete dynamic programming method has been used. But that solution has a quite important imperfection – there was required independence between security activity areas. That is not appropriate for IT security, as this solution does not follow the quite important principle in IT security – security is like a chain that is only as strong as the weakest link of layered security or defence in depth. The evolutionary optimization, as an alternative optimization tool, removed the independence restriction of the matrix based security model and the dynamic optimization method, but the first implementation of it was slightly slower than the other methods. For improving the performance of the evolutionary optimization we have performed a meta-level optimization of parameters of the algorithm and as a result the speed of optimization is comparable to other optimization techniques. As the evolutionary optimization is independent for all possible budget levels it lead to possibility to use a graph based security model. The graph based security model is a new and dynamical framework for security management. This paper presents how implementation of an evolutionary optimization technique removed the restrictions of independence of security measures and lead to implementation of an efficient graph based security model.
Published in: Proceedings of the 10th European Conference on Information Warfare and Security at the Tallinn University of Technology Tallinn, Estonia 7-8 July 201.