Title :
IT operational risk assessment and control model based on Bayesian Network
Author :
Hao, Xiaoling ; Yang, Nan
Author_Institution :
Sch. of Inf. Manage. & Eng., Shanghai Univ. of Finance & Econ., Shanghai, China
Abstract :
Banks have become so dependent on IT that even a relatively short loss of availability of a critical system, or a network breakdown, can lead to a total failure of the business. The most important role of IT is to guarantee the operational continuity of business processes. Therefore, IT risk management efforts need to be seen from a business operational continuity perspective. This paper presents a causal model based on a Bayesian Network (BN), which enables the assessment and proactive control of IT operational risks. It establishes the cause-and-result relationship between IT vulnerabilities, threats and business process malfunctions, so that business risk management can be traced back to its IT roots, which can improve the pertinence of the control mechanisms. The causal model can be augmented by control decisions, and control effectiveness can be calculated in terms of economic loss through comparison between prior and posterior control. This model can be applied to risk management practice in the banking industry.
Keywords :
banking; belief networks; business continuity; risk management; Bayesian network; IT operational risk assessment; IT vulnerability; banking industry; business process malfunctions; business risk management; cause-and-result relationship; critical system; operational business process continuity; Bayesian methods; Biological system modeling; Economics; Loss measurement; Process control; Risk management; Bayesian network; Causal model; IT operational risk; Risk Control;
Conference_Title :
Natural Computation (ICNC), 2010 Sixth International Conference on
Conference_Location :
Yantai, Shandong
Print_ISBN :
978-1-4244-5958-2
DOI :
10.1109/ICNC.2010.5583696