DocumentCode
2059372
Title
A quantitative framework for dependency-aware organizational IT Risk Management
Author
Schmidt, Stephan ; Albayrak, Sahin
Author_Institution
DAI Labs., Berlin Inst. of Technol., Berlin, Germany
fYear
2010
fDate
Nov. 29 2010-Dec. 1 2010
Firstpage
1207
Lastpage
1212
Abstract
In this paper, we introduce a new scheme for performing IT Risk Management within organizational domains. It adopts a business process-oriented view which integrates risk assessment, vulnerability assessment and risk mitigation into a quantitative framework. Taking the asset dependencies into account, we map business process values to IT hardware components in a hierarchical fashion and combine it with IT system vulnerability and threat analysis to derive risk scores on the IT hardware system level. We then apply discrete-time algorithms for computing cost-optimal quantitative mitigation strategies given a set of available mitigation actions. We illustrate the entire integrated process by means of a case study and show that considerable risk reduction can be achieved.
Keywords
DP management; data analysis; organisational aspects; risk management; security of data; IT hardware system level; IT risk management; IT system vulnerability analysis; IT threat analysis; business process-oriented view; cost-optimal quantitative mitigation strategy; dependency-aware organizational management; discrete-time algorithms; risk assessment; risk mitigation; risk reduction; vulnerability assessment;
fLanguage
English
Publisher
ieee
Conference_Titel
Intelligent Systems Design and Applications (ISDA), 2010 10th International Conference on
Conference_Location
Cairo
Print_ISBN
978-1-4244-8134-7
Type
conf
DOI
10.1109/ISDA.2010.5687022
Filename
5687022