Yevseyeva, IrynaBasto-Fernandes, VitorEmmerich, MichaelVan Moorsel, Aad2026-01-262026-01-262015-10Yevseyeva, I. & Basto Fernandes, Vitor & Emmerich, Michael & van Moorsel, Aad. (2015). Selecting Optimal Subset of Security Controls. Procedia Computer Science. 64. 1035 - 1042. 10.1016/j.procs.2015.08.625.1877-0509http://hdl.handle.net/10400.8/15488Conference name Conference on ENTERprise Information Systems/International Conference on Project MANagement/Conference on Health and Social Care Information Systems and Technologies, CENTERIS 2015, Vilamoura, 7 October 2015 - 9 October 2015.Conference code: 123098Choosing an optimal investment in information security is an issue most companies face these days. Which security controls to buy to protect the IT system of a company in the best way? Selecting a subset of security controls among many available ones can be seen as a resource allocation problem that should take into account conflicting objectives and constraints of the problem. In particular, the security of the system should be improved without hindering productivity, under a limited budget for buying controls. In this work, we provide several possible formulations of security controls subset selection problem as a portfolio optimization, which is well known in financial management. We propose approaches to solve them using existing single and multiobjective optimization algorithms.engmulticriteria optimisationportfolio optimizationsecuritysubset selectionjournal article10.1016/j.procs.2015.08.625