A dynamic resource allocation decision model for IT security

Today, with the continued growth in using information and communication technologies (ICT) for business purposes, business organizations become increasingly dependent on their information systems. Thus, they need to protect them from the different attacks exploiting their vulnerabilities. To do so, the organization has to use security technologies, which may be proactive or reactive ones. Each security technology has a relative cost and addresses specific vulnerabilities. Therefore, the organization has to put in place the appropriate security technologies set that minimizes the information system´s vulnerabilities with a minimal cost. This bi-objective problem will be considered as a resources allocation problem (RAP) where security technologies represent the resources to be allocated. However, the set of vulnerabilities may change, periodically, with the continual appearance of new ones. Therefore, the security technologies set should be flexible to face these changes, in real time, and the problem becomes a dynamic one. In this paper, we propose a harmony search based algorithm to solve the bi-objective dynamic resource allocation decision model. This approach was compared to a genetic algorithm and provided good results.