| Article ID: | iaor20171104 |
| Volume: | 11 |
| Issue: | 6 |
| Start Page Number: | 430 |
| End Page Number: | 442 |
| Publication Date: | Mar 2016 |
| Journal: | International Journal of Simulation and Process Modelling |
| Authors: | Legato Pasquale, Mazza Rina Mary |
| Keywords: | combinatorial optimization, personnel & manpower planning, security, internet |
In this study we present a simulation optimisation (SO) approach based on direct search methods applied to cyber security. The problem consists of investigating if and when human resources (i.e., analysts) in a company should: 1) work alone; 2) work in consultation with teammates when responding to different attack rates and types targeting a predefined set of company cyber assets. The objective of the study is to evaluate overall attack tolerance with respect to system performance degradation and both resource training and knowledge gain. Numerical examples and experiments related to resource assignment and team formation are presented to show how the SO model can support company managers when grappling with a very common decision: 'make or buy' cyber security knowhow.