Dynamic Control and Mitigation of Interdependent IT Security Risks


Bibliographic details
Main authors: Mounzer, Jeffrey; Alpcan, Tansu; Bambos, Nick
Format: Conference paper
Language: eng
Description
Summary: Security risk management for information technology-based organizations has become increasingly important in recent years. However, the risk assessment and mitigation strategies that these organizations employ have remained relatively ad hoc and qualitative. In this paper, we extend a quantitative framework for risk assessment called Risk-Rank to include risk mitigation through Markov Decision Processes. By doing so, we provide an analysis-to-action quantitative approach to security risk management, enabling IT managers to perform more comprehensive evaluations of their risk exposures. We demonstrate the effectiveness of this approach through an example related to the patching of computers in a corporate network.
ISSN: 1550-3607, 1938-1883
DOI: 10.1109/ICC.2010.5502671