By Topic

Modeling dependencies in security risk management

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Alpcan, Tansu ; Deutsche Telekom Labs., Berlin Tech. Univ., Berlin, Germany ; Bambos, N.

This paper develops a framework for analyzing security risk dependencies in organizations and ranking the risks. The framework captures how risk `diffuses' via complex interactions and reaches an equilibrium by introducing a risk-rank algorithm. A conceptual structure of an organization-comprised of business units, security threats/vulnerabilities, and people-is leveraged for modeling risk dependencies and cascades. The risk-rank algorithm captures risk diffusion over time and ranks various risks based on a balancing of the immediate risk versus the future one emerging via cascading across system dependencies. Thus, the presented framework facilitates a systematic prioritization of risks in organizations.

Published in:

Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on

Date of Conference:

19-22 Oct. 2009