• DocumentCode
    3451378
  • Title

    Modeling dependencies in security risk management

  • Author

    Alpcan, Tansu ; Bambos, Nick

  • Author_Institution
    Deutsche Telekom Labs., Berlin Tech. Univ., Berlin, Germany
  • fYear
    2009
  • fDate
    19-22 Oct. 2009
  • Firstpage
    113
  • Lastpage
    116
  • Abstract
    This paper develops a framework for analyzing security risk dependencies in organizations and ranking the risks. The framework captures how risk `diffuses´ via complex interactions and reaches an equilibrium by introducing a risk-rank algorithm. A conceptual structure of an organization-comprised of business units, security threats/vulnerabilities, and people-is leveraged for modeling risk dependencies and cascades. The risk-rank algorithm captures risk diffusion over time and ranks various risks based on a balancing of the immediate risk versus the future one emerging via cascading across system dependencies. Thus, the presented framework facilitates a systematic prioritization of risks in organizations.
  • Keywords
    business data processing; organisational aspects; risk analysis; security of data; risk dependency modelling; risk-rank algorithm; security risk management analysis; Computer hacking; Computer networks; Data security; Information security; Information technology; Laboratories; Large-scale systems; Risk analysis; Risk management; Telecommunication computing; Risk modeling; risk dependencies; risk diffusion;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on
  • Conference_Location
    Toulouse
  • ISSN
    2151-4763
  • Print_ISBN
    978-1-4244-4498-4
  • Electronic_ISBN
    2151-4763
  • Type

    conf

  • DOI
    10.1109/CRISIS.2009.5411969
  • Filename
    5411969