A hybrid dynamic decision making methodology for defensive information technology contingency measure selection in the presence of cyber threats

Michael R. Grimaila, Adedeji Badiru
DOI: https://doi.org/10.1007/s12351-010-0102-2
IF: 2.7
2011-01-23
Operational Research
Abstract: The increased reliance on information technology systems and communications networks in support of the core organizational processes creates an environment where significant, and potentially catastrophic, losses can result from a loss or corruption of a critical information resource. Risk assessment is the widely accepted process used to understand, quantify, and document the effects of undesirable events on organizational objectives so that risk management, continuity of operations planning, and contingency planning can be performed. In this paper, we present the application of a simulation-based hybrid analytic dynamic forecasting methodology that combines the techniques of analytic hierarchy process, factor analysis, and spanning tree to the problem of selecting among a set of contingency measures following events which place the organizational mission at risk. The methodology makes use of qualitative subjective assessments by subject matter experts at multiple levels of the organization and uses historical event occurrences (when available) to provide the decision maker with an ongoing recommendation of the best contingency measures to employ to assure the organizational mission objectives. The method is novel because it augments the decision maker’s experiential knowledge with a probabilistic forecast of the best contingency measure to take in response to events based upon subject matter expert knowledge, historical evidence, and the real-time status of critical resources. The methodology provides a structured approach to mitigate operational risk in complex environments and decreases the time required to make decisions under conditions of uncertainty.
operations research & management science