Advanced Search
MyIDEAS: Login to save this paper or follow this series

Quantifying Risks in Service Networks: Using Probability Distributions for the Evaluation of Optimal Security Levels

Contents:

Author Info

  • Ackermann, Tobias
  • Buxmann, Peter
Registered author(s):

    Abstract

    The increasing costs and frequency of security incidents require organizations to apply proper IT risk management. At the same time, the expanding usage of Service-oriented Architectures fosters software systems composed of cross-linked services. Therefore, it is important to develop risk management methods for these composite systems. In this paper, we present a straightforward model that can be used to quantify the risks related to service networks. Based on the probability distribution of the costs which are related to risks, it is possible to make proper investment choices using individual risk preferences. The attractiveness of investment alternatives and different levels of security can be measured with various characteristics like the expected value of the costs, the Value-at-Risk or more complex utility functions. Through performance evaluations we show that our model can be used to calculate the costs’ probability density function for large scale networks in a very efficient way. Furthermore, we demonstrate the application of the model and the algorithms with the help of a concrete application scenario. As a result, we improve IT risk management by proposing a model which supports decision makers in comparing alternative service scenarios and alternative security investments in order to find the optimal level of IT security.

    Download Info

    If you experience problems downloading a file, check if you have the proper application to view it first. In case of further problems read the IDEAS help page. Note that these files are not on the IDEAS site. Please be patient as the files may be large.
    File URL: http://aisel.aisnet.org/amcis2010/284/
    Download Restriction: no

    Bibliographic Info

    Paper provided by Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL) in its series Publications of Darmstadt Technical University, Institute for Business Studies (BWL) with number 46351.

    as in new window
    Length:
    Date of creation: Aug 2010
    Date of revision:
    Handle: RePEc:dar:wpaper:46351

    Note: for complete metadata visit http://tubiblio.ulb.tu-darmstadt.de/46351/
    Contact details of provider:
    Postal: Hochschulstr. 1, 64289 Darmstadt
    Phone: ++49 (0)6151 16-2701
    Fax: ++49 (0)6151 16-6508
    Email:
    Web page: http://www.wi.tu-darmstadt.de/fachgebiete/fachgebiete_4/betriebswirtschaftlichefachgebiete.de.jsp
    More information through EDIRC

    Related research

    Keywords:

    This paper has been announced in the following NEP Reports:

    References

    No references listed on IDEAS
    You can help add them by filling out this form.

    Citations

    Lists

    This item is not listed on Wikipedia, on a reading list or among the top items on IDEAS.

    Statistics

    Access and download statistics

    Corrections

    When requesting a correction, please mention this item's handle: RePEc:dar:wpaper:46351. See general information about how to correct material in RePEc.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Dekanatssekretariat).

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If references are entirely missing, you can add them using this form.

    If the full references list an item that is present in RePEc, but the system did not link to it, you can help with this form.

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your profile, as there may be some citations waiting for confirmation.

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.