Category Archives: Information Security Risk Management

An Ontology- and Bayesian-based Approach for Determining Threat Probabilities

The paper has been accepted for publication and I will present it in March 2011 at the 6th ACM Symposium on Information, Computer and Communications Security in Hong Kong, China. Abstract: Information security risk management is crucial for ensuring long-term business …

Verification, Validation, and Evaluation in Information Security Risk Management

Our article “Verification, Validation, and Evaluation in Information Security Risk Management” got accepted at IEEE Security & Privacy. Check out the preprint at the IEEE Digital Library. Abstract: Over the last four decades, various information security risk management (ISRM) approaches …

Business Process-Based Resource Importance Determination

Find details about our novel resource importance determination method in our latest BPM paper. Abstract: Information security risk management (ISRM) heavily depends on realistic impact values representing the resources’ importance in the overall organizational context. Although a variety of ISRM …

AURUM: Automated Risk and Utility Management

Our AURUM prototype supports decision makers in selecting security measures according to technical and economic requirements. It is designed to minimize the interaction necessary between user and system and to provide decision makers with an intuitive solution that can be …
