Decision on Replacing Components of Security Functions in COTS-Based Information Systems

As governments and enterprises adopt COTS-based information systems, COTS components must be selected to satisfy the security requirements of applied systems. However, the selection of security components is a trade-off between the confidence level in the components and the cost of replacing components. The higher confidence required of the security components leads to a higher cost in the selection process. Particularly, as governments take into account the confidence-level of COTS-based information systems, they must replace security functional components by their own developing components in high security environment. A decision method is needed to solve the trade-off between security and costs. This paper focuses on decision making to solve the problem of replacing the security functional components in COTS-based systems. This paper suggests an appropriate adaptation level and a cost-effective priority to replace security functional components in security environment. To make a cost effective decision on adapting security functional components, we develop a hierarchical model of information security technologies. Based on this, we determine the priority among security functional components using AHP (Analytic Hierarchy Process).