Title :
Risk Management for IT Security: When Theory Meets Practice
Author :
Chorppath, Anil Kumar ; Alpcan, Tansu
Author_Institution :
Tech. Univ. of Munich, Munich, Germany
Abstract :
A Layer-Based Risk Tool (LBRT) for IT security management in a corporate environment is presented and discussed. The Risk-Rank algorithm is modified for implementation in this tool by taking practical considerations into account. The focus is shifted to a security requirement-based approach during actual assessment of operational risk in the organization, and absolute risk values are computed instead of relative risk probabilities. In addition, a risk mitigation algorithm is proposed to find the optimum set of measures under certain budget constraints. A dynamic programming formulation is presented and a shortest path solution is obtained based on Dijkstra's algorithm. The risk assessment and mitigation algorithms are illustrated and evaluated with numerical examples.
Keywords :
business data processing; dynamic programming; risk management; security of data; Dijkstra algorithm; IT security management; LBRT; Risk-Rank algorithm; absolute risk values; budget constraints; corporate environment; dynamic programming formulation; layer-based risk tool; operational risk assessment; risk management; risk mitigation algorithm; security requirement-based approach; shortest path solution; Diffusion processes; Dynamic programming; Heuristic algorithms; Organizations; Risk management; Security; Time measurement;
Conference_Titel :
New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on
Conference_Location :
Istanbul
Print_ISBN :
978-1-4673-0228-9
Electronic_ISBN :
2157-4952
DOI :
10.1109/NTMS.2012.6208739