• DocumentCode
    2223883
  • Title

    Risk Management for IT Security: When Theory Meets Practice

  • Author

    Chorppath, Anil Kumar ; Alpcan, Tansu

  • Author_Institution
    Tech. Univ. of Munich, Munich, Germany
  • fYear
    2012
  • fDate
    7-10 May 2012
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    A Layer-Based Risk Tool (LBRT) for IT security management in a corporate environment is presented and discussed. The Risk-Rank algorithm is modified for implementation in this tool by taking practical considerations into account. The focus is shifted to a security requirement-based approach during actual assessment of operational risk in the organization and absolute risk values are computed instead of relative risk probabilities. In addition, a risk mitigation algorithm is proposed to find the optimum set of measures under certain budget constraints. A dynamic programming formulation is presented and a shortest path solution is obtained based on Dijkstra's algorithm. The risk assessment and mitigation algorithms are illustrated and evaluated with numerical examples.
  • Keywords
    business data processing; dynamic programming; risk management; security of data; Dijkstra algorithm; IT security management; LBRT; Risk-Rank algorithm; absolute risk values; budget constraints; corporate environment; dynamic programming formulation; layer-based risk tool; operational risk assessment; risk management; risk mitigation algorithm; security requirement-based approach; shortest path solution; Diffusion processes; Dynamic programming; Heuristic algorithms; Organizations; Risk management; Security; Time measurement;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on
  • Conference_Location
    Istanbul
  • ISSN
    2157-4952
  • Print_ISBN
    978-1-4673-0228-9
  • Electronic_ISBN
    2157-4952
  • Type

    conf

  • DOI
    10.1109/NTMS.2012.6208739
  • Filename
    6208739