Identifying risk profiles and mitigating actions for business communication services

Enterprises embracing Bring-Your-Own-Device encounter increased risk to data, applications and network resources. The dilemma is how to address threats with mitigating actions that do not unduly disrupt business, yet protect vulnerable assets. This paper proposes a model that identifies risk context and automatically selects appropriate actions. Risks are detected by conflicting observations, timeline discrepancies and risk-indicating behavior patterns. Detected risks are used to construct risk profiles that capture enterprise´s risk mitigation policies via customizable prioritization, and business attributes are used to determine business profiles. It is proposed to utilize a novel multi-dimensional weighting to highlight relationships of risks with assets/actions. Best-fit profiles for both business and risk are selected via `if-the-shoe-fits´ process. Then, mitigating actions are determined by fusing the risk and business profiles, and precise actions are established via score `tolerance bands´.