DocumentCode :
2651703
Title :
Risk Assessment and Decision Support for Security Policies and Related Enterprise Operational Processes
Author :
Mont, Marco Casassa ; Brown, Richard
Author_Institution :
Cloud & Security Lab., Hewlett-Packard Labs., Bristol, UK
fYear :
2011
fDate :
6-8 June 2011
Firstpage :
137
Lastpage :
140
Abstract :
This paper presents and discusses our work to provide organizations with risk assessment and decision support capabilities when dealing with their strategic security policies. We aim at achieving this by using a rigorous and scientific methodology (and tools) which leverages modeling and simulation techniques. This methodology helps organizations to assess their risk exposure. It factors in policy implementation at the operational level along with relevant threats, processes, interactions and people behaviors. It provides "what-if" analysis by illustrating the consequences of making policy changes and investments. We introduce our methodology and tools and then illustrate how this approach has been successfully used in a real case study with one of our major customers. This case study focused on the organization's access management processes and related policies: it helped to inform strategic security policies and support changes of current processes. Additional work is planned in this space.
Keywords :
decision support systems; organisational aspects; risk management; security of data; decision support; enterprise operational process; organization access management process; risk assessment; risk exposure; security policies; Analytical models; Biological system modeling; Investments; Organizations; Permission; Risk management; Access Management; Decision Support; Modelling; Risk Assessment; Security Analytics; Security Policies; Simulation;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Policies for Distributed Systems and Networks (POLICY), 2011 IEEE International Symposium on
Conference_Location :
Pisa
Print_ISBN :
978-1-4244-9879-6
Electronic_ISBN :
978-0-7695-4330-7
Type :
conf
DOI :
10.1109/POLICY.2011.19
Filename :
5976809