Abstract
In this paper, we introduce a new scheme for performing IT Risk Management within organizational domains. It adopts a business process-oriented view which integrates risk assessment, vulnerability assessment and risk mitigation into a quantitative framework. Taking the asset dependencies into account, we map business process values to IT hardware components in a hierarchical fashion and combine it with IT system vulnerability and threat analysis to derive risk scores on the IT hardware system level. We then apply discrete-time algorithms for computing cost-optimal quantitative mitigation strategies given a set of available mitigation actions. We illustrate the entire integrated process by means of a case study and show that considerable risk reduction can be achieved.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
