Information security risk assessment, aggregation, and mitigation

A.K. Lenstra, T. Voss

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

9 Citations (Scopus)
1 Downloads (Pure)


As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is currently under development for deployment. We show how to find a risk mitigation strategy that is optimal with respect to the model used and the available budget.

Keywords: Risk management, risk assessment, risk aggregation, risk mitigation, Basel 2, multiple-choice knapsack problem
Original language: English
Title of host publication: Information Security and Privacy (Proceedings 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004)
Editors: H. Wang, J. Pieprzyk, V. Varadharajan
Place of Publication: Berlin
ISBN (Print): 3-540-22379-7
Publication status: Published - 2004

Publication series

Name: Lecture Notes in Computer Science
ISSN (Print): 0302-9743

