Authors: Israel Andrade Canales
The National Autonomous University of Mexico (UNAM) offers different types of services to support academic activities. All of these services use valuable information for the achievement of their objectives and goals; consequently, information is one of the most important assets that the University has. However, thousands of security incidents affect these assets every year; for instance, in 2012 the university network suffered about 16,000 incidents provoked by botnets, spam and brute force attacks. Until now, this problem has been confronted by qualitative risk analysis methodologies in order to select counter-measures that mitigate these dangerous events. Nevertheless, these approaches lack either an optimization point of view or accurate results. Because the institution needs to treat risk not only precisely but also plausibly in financial and technical terms, this paper tries to shed light on a mixed model that combines simulation and linear optimization for the prediction and treatment of security incidents.