Title :
A quantitative framework for dependency-aware organizational IT Risk Management
Author :
Schmidt, Stephan ; Albayrak, Sahin
Author_Institution :
DAI Labs., Berlin Inst. of Technol., Berlin, Germany
Date :
Nov. 29 2010-Dec. 1 2010
Abstract :
In this paper, we introduce a new scheme for performing IT Risk Management within organizational domains. It adopts a business process-oriented view which integrates risk assessment, vulnerability assessment and risk mitigation into a quantitative framework. Taking the asset dependencies into account, we map business process values to IT hardware components in a hierarchical fashion and combine it with IT system vulnerability and threat analysis to derive risk scores on the IT hardware system level. We then apply discrete-time algorithms for computing cost-optimal quantitative mitigation strategies given a set of available mitigation actions. We illustrate the entire integrated process by means of a case study and show that considerable risk reduction can be achieved.
Keywords :
DP management; data analysis; organisational aspects; risk management; security of data; IT hardware system level; IT risk management; IT system vulnerability analysis; IT threat analysis; business process-oriented view; cost-optimal quantitative mitigation strategy; dependency-aware organizational management; discrete-time algorithms; risk assessment; risk mitigation; risk reduction; vulnerability assessment
Conference_Title :
Intelligent Systems Design and Applications (ISDA), 2010 10th International Conference on
Conference_Location :
Cairo
Print_ISBN :
978-1-4244-8134-7
DOI :
10.1109/ISDA.2010.5687022