{"title":"Model-Based Mitigation of Availability Risks","authors":"E. Zambon, D. Bolzoni, S. Etalle, M. Salvato","doi":"10.1109/BDIM.2007.375014","DOIUrl":null,"url":null,"abstract":"The assessment and mitigation of risks related to the availability of the IT infrastructure is becoming increasingly important in modern organizations. Unfortunately, present standards for risk assessment and mitigation show limitations when evaluating and mitigating availability risks. This is due to the fact that they do not fully consider the dependencies between the constituents of an IT infrastructure that are paramount in large enterprises. These dependencies make the technical problem of assessing availability issues very challenging. In this paper we define a method and a tool for carrying out a risk mitigation activity which allows us to assess the global impact of a set of risks and to choose the best set of countermeasures to cope with them. To this end, the presence of a tool is necessary, due to the high complexity of the assessment problem. Our approach can be integrated in present risk management methodologies (e.g. COBIT) to provide a more precise risk mitigation activity. We substantiate the viability of this approach by showing that most of the input required by the tool is available as part of a standard business continuity plan, and/or by performing a common tool-assisted risk management.","PeriodicalId":414047,"journal":{"name":"2007 2nd IEEE/IFIP International Workshop on Business-Driven IT Management","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 2nd IEEE/IFIP International Workshop on Business-Driven IT Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/BDIM.2007.375014","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 18
Abstract
The assessment and mitigation of risks related to the availability of the IT infrastructure is becoming increasingly important in modern organizations. Unfortunately, present standards for risk assessment and mitigation show limitations when evaluating and mitigating availability risks. This is due to the fact that they do not fully consider the dependencies between the constituents of an IT infrastructure that are paramount in large enterprises. These dependencies make the technical problem of assessing availability issues very challenging. In this paper we define a method and a tool for carrying out a risk mitigation activity which allows us to assess the global impact of a set of risks and to choose the best set of countermeasures to cope with them. To this end, the presence of a tool is necessary, due to the high complexity of the assessment problem. Our approach can be integrated in present risk management methodologies (e.g. COBIT) to provide a more precise risk mitigation activity. We substantiate the viability of this approach by showing that most of the input required by the tool is available as part of a standard business continuity plan, and/or by performing a common tool-assisted risk management.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
