Conference Proceedings

Integrated security risk management for IT-intensive organizations

J Mounzer, T Alpcan, N Bambos

Proceedings of Sixth International Conference on Information Assurance and Security | Published: 2010


Security risk management is becoming increasingly important in a variety of areas related to information technology (IT), such as telecommunications, cloud computing, banking information systems, etc. In this paper, we develop a systematic quantitative framework for security risk management in IT-intensive organizations. This framework provides a unified viewpoint for considering a wide array of security risk factors which can disrupt business continuity. Our approach integrates the three phases of security risk management, namely risk modeling, assessment, and control/mitigation, through a formulation based on directed graphs, cascades of failures, and mathematical optimization. We consider..
