Conference Proceedings

Modeling dependencies in security risk management

T Alpcan, N Bambos

Post-Proceedings of the 4th International Conference on Risks and Security of Internet and Systems, CRiSIS 2009 | Published : 2009

Abstract

This paper develops a framework for analyzing security risk dependencies in organizations and ranking the risks. The framework captures how risk 'diffuses' via complex interactions and reaches an equilibrium by introducing a Risk-Rank algorithm. A conceptual structure of an organization - comprised of business units, security threats/vulnerabilities, and people - is leveraged for modeling risk dependencies and cascades. The Risk-Rank algorithm captures risk diffusion over time and ranks various risks based on a balancing of the immediate risk versus the future one emerging via cascading across system dependencies. Thus, the presented framework facilitates a systematic prioritization of risks.
