Title :
Dynamic Control and Mitigation of Interdependent IT Security Risks
Author :
Mounzer, Jeffrey ; Alpcan, Tansu ; Bambos, Nick
Author_Institution :
Electr. Eng., Stanford Univ., Stanford, CA, USA
Abstract :
Security risk management for information technology-based organizations has become increasingly important in recent years. However, the risk assessment and mitigation strategies that these organizations employ have remained relatively ad hoc and qualitative. In this paper, we extend a quantitative framework for risk assessment called Risk-Rank to include risk mitigation through Markov Decision Processes. By doing so, we provide an analysis-to-action quantitative approach to security risk management, enabling IT managers to perform more comprehensive evaluations of their risk exposures. We demonstrate the effectiveness of this approach through an example related to the patching of computers in a corporate network.
Keywords :
Markov processes; business data processing; decision making; information technology; risk management; security of data; IT security; Markov decision process; dynamic control; information technology; risk assessment; risk mitigation; security risk management; Communication system control; Communications Society; Computer hacking; Computer networks; Data security; Information security; Laboratories; Paper technology; Risk analysis; Risk management;
Conference_Titel :
Communications (ICC), 2010 IEEE International Conference on
Conference_Location :
Cape Town
Print_ISBN :
978-1-4244-6402-9
DOI :
10.1109/ICC.2010.5502671
