Risk Management for IT Security: When Theory Meets Practice

2 Author(s)
Chorppath, Anil Kumar ; Tech. Univ. of Munich, Munich, Germany ; Alpcan, Tansu

A Layer-Based Risk Tool (LBRT) for IT security management in a corporate environment is presented and discussed. The Risk-Rank algorithm is modified for implementation in this tool by taking practical considerations into account. The focus is shifted to a security requirement-based approach during actual assessment of operational risk in the organization, and absolute risk values are computed instead of relative risk probabilities. In addition, a risk mitigation algorithm is proposed to find the optimum set of measures under certain budget constraints. A dynamic programming formulation is presented and a shortest path solution is obtained based on Dijkstra's algorithm. The risk assessment and mitigation algorithms are illustrated and evaluated with numerical examples.

Published in:

New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on

Date of Conference:

7-10 May 2012