• DocumentCode
    2913349
  • Title
    Dynamic Control and Mitigation of Interdependent IT Security Risks
  • Author
    Mounzer, Jeffrey ; Alpcan, Tansu ; Bambos, Nick
  • Author_Institution
    Electr. Eng., Stanford Univ., Stanford, CA, USA
  • fYear
    2010
  • fDate
    23-27 May 2010
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Security risk management for information technology-based organizations has become increasingly important in recent years. However, the risk assessment and mitigation strategies that these organizations employ have remained relatively ad hoc and qualitative. In this paper, we extend a quantitative framework for risk assessment called Risk-Rank to include risk mitigation through Markov Decision Processes. By doing so, we provide an analysis-to-action quantitative approach to security risk management, enabling IT managers to perform more comprehensive evaluations of their risk exposures. We demonstrate the effectiveness of this approach through an example related to the patching of computers in a corporate network.
  • Keywords
    Markov processes; business data processing; decision making; information technology; risk management; security of data; IT security; Markov decision process; dynamic control; information technology; risk assessment; risk mitigation; security risk management; Communication system control; Communications Society; Computer hacking; Computer networks; Data security; Information security; Laboratories; Paper technology; Risk analysis; Risk management
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Communications (ICC), 2010 IEEE International Conference on
  • Conference_Location
    Cape Town
  • ISSN
    1550-3607
  • Print_ISBN
    978-1-4244-6402-9
  • Type
    conf
  • DOI
    10.1109/ICC.2010.5502671
  • Filename
    5502671