Information security risk assessment, aggregation, and mitigation

A.K. Lenstra; T. Voss

doi:10.1007/978-3-540-27800-9_34

Information security risk assessment, aggregation, and mitigation

A.K. Lenstra, T. Voss

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

9 Citations (Scopus)

1 Downloads (Pure)

Abstract

As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is currently under development for deployment. We show how to find a risk mitigation strategy that is optimal with respect to the model used and the available budget. Keywords: Risk management, risk assessment, risk aggregation, risk mitigation, Basel 2, multiple-choice knapsack problem

Original language	English
Title of host publication	Information Security and Privacy (Proceedings 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004)
Editors	H. Wang, J. Pieprzyk, V. Varadharajan
Place of Publication	Berlin
Publisher	Springer
Pages	391-401
ISBN (Print)	3-540-22379-7
DOIs	https://doi.org/10.1007/978-3-540-27800-9_34
Publication status	Published - 2004

Publication series

Name	Lecture Notes in Computer Science
Volume	3108
ISSN (Print)	0302-9743

Access to Document

10.1007/978-3-540-27800-9_34

Cite this

Lenstra, A. K., & Voss, T. (2004). Information security risk assessment, aggregation, and mitigation. In H. Wang, J. Pieprzyk, & V. Varadharajan (Eds.), Information Security and Privacy (Proceedings 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004) (pp. 391-401). (Lecture Notes in Computer Science; Vol. 3108). Springer. https://doi.org/10.1007/978-3-540-27800-9_34

@inproceedings{38a9c2b56b254dd19dcaefb98c6c202f,

title = "Information security risk assessment, aggregation, and mitigation",

abstract = "As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is currently under development for deployment. We show how to find a risk mitigation strategy that is optimal with respect to the model used and the available budget. Keywords: Risk management, risk assessment, risk aggregation, risk mitigation, Basel 2, multiple-choice knapsack problem",

author = "A.K. Lenstra and T. Voss",

year = "2004",

doi = "10.1007/978-3-540-27800-9_34",

language = "English",

isbn = "3-540-22379-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "391--401",

editor = "H. Wang and J. Pieprzyk and V. Varadharajan",

booktitle = "Information Security and Privacy (Proceedings 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004)",

address = "Germany",

}

Lenstra, AK & Voss, T 2004, Information security risk assessment, aggregation, and mitigation. in H Wang, J Pieprzyk & V Varadharajan (eds), Information Security and Privacy (Proceedings 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004). Lecture Notes in Computer Science, vol. 3108, Springer, Berlin, pp. 391-401. https://doi.org/10.1007/978-3-540-27800-9_34

Information security risk assessment, aggregation, and mitigation. / Lenstra, A.K.; Voss, T.
Information Security and Privacy (Proceedings 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004). ed. / H. Wang; J. Pieprzyk; V. Varadharajan. Berlin: Springer, 2004. p. 391-401 (Lecture Notes in Computer Science; Vol. 3108).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Information security risk assessment, aggregation, and mitigation

AU - Lenstra, A.K.

AU - Voss, T.

PY - 2004

Y1 - 2004

N2 - As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is currently under development for deployment. We show how to find a risk mitigation strategy that is optimal with respect to the model used and the available budget. Keywords: Risk management, risk assessment, risk aggregation, risk mitigation, Basel 2, multiple-choice knapsack problem

AB - As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is currently under development for deployment. We show how to find a risk mitigation strategy that is optimal with respect to the model used and the available budget. Keywords: Risk management, risk assessment, risk aggregation, risk mitigation, Basel 2, multiple-choice knapsack problem

U2 - 10.1007/978-3-540-27800-9_34

DO - 10.1007/978-3-540-27800-9_34

M3 - Conference contribution

SN - 3-540-22379-7

T3 - Lecture Notes in Computer Science

SP - 391

EP - 401

BT - Information Security and Privacy (Proceedings 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004)

A2 - Wang, H.

A2 - Pieprzyk, J.

A2 - Varadharajan, V.

PB - Springer

CY - Berlin

ER -

Information security risk assessment, aggregation, and mitigation

Abstract

Publication series

Access to Document

Fingerprint

Cite this