论文信息 - Information Security Risk Assessment, Aggregation, and Mitigation

Information Security Risk Assessment, Aggregation, and Mitigation

As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is currently under development for deployment. We show how to find a risk mitigation strategy that is optimal with respect to the model used and the available budget.

Arjen K. Lenstra | Tim Voss | A. Lenstra | T. Voss

[1] Thorsten Rheinländer. Risk Management: Value at Risk and Beyond , 2003 .

[2] David Pisinger. A minimal algorithm for the Multiple-choice Knapsack Problem , 1995 .

[3] P. Embrechts,et al. Risk Management: Correlation and Dependence in Risk Management: Properties and Pitfalls , 2002 .