Mathematical Modeling of Investments in the Development of an Information Security System
An Optimal Control Approach
DOI:
https://doi.org/10.19139/soic-2310-5070-3221
Keywords:
Assets, loan repayment, risk assessment, financial optimization, quantitative analysis, strategic decision-making
Abstract
This paper develops a methodological optimal-control model for investments in the development of an information security system (ISS). Rather than treating the problem as a purely generic financial portfolio, the study explicitly interprets security controls as investable assets. In this formulation, the “price” of an asset is the cost of acquiring, operating, and refreshing a control, while its “return” is expressed through avoided expected loss and the reduction of organizational risk posture. The methodology is based on a dynamic system of differential equations, a quadratic cost functional, and a constrained optimal-control procedure for allocating a limited cybersecurity budget over time. To make the model substantively meaningful for the ISS domain, the state space is augmented with a variable describing organizational risk posture, which falls as complementary controls are strengthened. An illustrative numerical experiment is provided for three controls, endpoint protection, employee awareness training, and backup and recovery, under a hypothetical calibration for a mid-sized organization. Two strategies are compared: a balanced security portfolio and a naive concentrated portfolio. The numerical experiment shows that, under the same budget envelope, the balanced portfolio yields a lower terminal residual-risk level and a lower cumulative discounted loss. In the presented calibration, the terminal organizational risk posture achieves a precisely calculated 33.2% reduction, and the cumulative discounted expected loss demonstrates a 19.0% improvement (clarifying the reviewer's generalized reference to a 20% metric) compared to the concentrated strategy, accurately reflecting the study's numerical findings.
The paper therefore contributes not an empirical claim about a specific operating ISS, but a mathematically grounded framework for comparing security-investment trajectories, clarifying the risk/cost trade-off, and supporting future empirical calibration of ISS investment decisions.
Published
2026-06-22
How to Cite
Yessenbayeva, A., Mazakov, T., Mailybayeva, A., Jomartova, S., & Mazakova, A. (2026). Mathematical Modeling of Investments in the Development of an Information Security System: An Optimal Control Approach. Statistics, Optimization & Information Computing, 16(2), 1493–1508. https://doi.org/10.19139/soic-2310-5070-3221
Section
Research Articles
License
Copyright (c) 2026 Arailym Yessenbayeva, Talgat Mazakov, Aiman Mailybayeva, Sholpan Jomartova, Aigerim Mazakova

This work is licensed under a Creative Commons Attribution 4.0 International License.