Information security risk assessment, aggregation, and mitigation

As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is currently under development for deployment. We show how to find a risk mitigation strategy that is optimal with respect to the model used and the available budget.


Published in:
Information Security And Privacy, Proceedings, 391-401
Presented at:
9th Australasian Conference on Information Security and Privacy, Sydney, AUSTRALIA, Jul 13-15, 2004
Year:
2004
Publisher:
Springer-Verlag New York, Ms Ingrid Cunningham, 175 Fifth Ave, New York, NY 10010 USA
 Record created 2011-03-29, last modified 2018-03-17
