Ackermann, Tobias ; Buxmann, Peter (2010)
Quantifying Risks in Service Networks: Using Probability Distributions for the Evaluation of Optimal Security Levels.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
The increasing costs and frequency of security incidents require organizations to apply proper IT risk management. At the same time, the expanding usage of Service-oriented Architectures fosters software systems composed of cross-linked services. Therefore, it is important to develop risk management methods for these composite systems. In this paper, we present a straightforward model that can be used to quantify the risks related to service networks. Based on the probability distribution of the costs which are related to risks, it is possible to make proper investment choices using individual risk preferences. The attractiveness of investment alternatives and different levels of security can be measured with various characteristics like the expected value of the costs, the Value-at-Risk or more complex utility functions. Through performance evaluations we show that our model can be used to calculate the costs’ probability density function for large scale networks in a very efficient way. Furthermore, we demonstrate the application of the model and the algorithms with the help of a concrete application scenario. As a result, we improve IT risk management by proposing a model which supports decision makers in comparing alternative service scenarios and alternative security investments in order to find the optimal level of IT security.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2010 |
| Autor(en): | Ackermann, Tobias ; Buxmann, Peter |
| Art des Eintrags: | Bibliographie |
| Titel: | Quantifying Risks in Service Networks: Using Probability Distributions for the Evaluation of Optimal Security Levels |
| Sprache: | Deutsch |
| Publikationsjahr: | August 2010 |
| Buchtitel: | Proceedings of the 16th Americas Conference on Information Systems (AMCIS) 2010 |
| Kurzbeschreibung (Abstract): | The increasing costs and frequency of security incidents require organizations to apply proper IT risk management. At the same time, the expanding usage of Service-oriented Architectures fosters software systems composed of cross-linked services. Therefore, it is important to develop risk management methods for these composite systems. In this paper, we present a straightforward model that can be used to quantify the risks related to service networks. Based on the probability distribution of the costs which are related to risks, it is possible to make proper investment choices using individual risk preferences. The attractiveness of investment alternatives and different levels of security can be measured with various characteristics like the expected value of the costs, the Value-at-Risk or more complex utility functions. Through performance evaluations we show that our model can be used to calculate the costs’ probability density function for large scale networks in a very efficient way. Furthermore, we demonstrate the application of the model and the algorithms with the help of a concrete application scenario. As a result, we improve IT risk management by proposing a model which supports decision makers in comparing alternative service scenarios and alternative security investments in order to find the optimal level of IT security. |
| Freie Schlagworte: | Secure Services |
| ID-Nummer: | TUD-CS-2010-0081 |
| Fachbereich(e)/-gebiet(e): | LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
| Hinterlegungsdatum: | 30 Dez 2016 20:23 |
| Letzte Änderung: | 03 Jun 2018 21:30 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum