Two colleagues and I presented a paper titled “Security Risk Management for Critical Infrastructures” at the itAIS 2011 Conference, “Information Systems: a crossroads for organization, management, accounting and engineering”, held in Rome, Italy, October 7 – 8, 2011.
Abstract: This paper presents a methodology for risk management developed and used mainly for critical infrastructures, but that can be generalized and used in other contexts. It outlines security risk assessment including identifying processes, resources / assets, threats and vulnerabilities, impacts and likelihood of failures. The methodology's primary focus is the analysis of business impacts and the quantification of the different risks, together with the identification of priority intervention areas, in order to eliminate, reduce, transfer or assume calculated risks, finding the right balance between the investment (resources, money etc.) and the acceptable level / threshold of risk. The paper, based on theoretical background and on practical experiences and results achieved in real organizations that operate on a global level, presents critical infrastructure characteristics, the risk management process, security goals and standards and an integrated methodology for risk management applied to critical infrastructures. Some application cases and results obtained are briefly described, disguised for strong confidentiality issues.
Dragan Pleskonjic, Fabrizio Virtuani, Oscar Zoggia: “Security Risk Management for Critical Infrastructures”, ItAIS 2011, Rome, Italy, October 7-8, 2011
The conference was held at LUISS “Guido Carli” University, Rome – Italy.
The paper and presentation were well received and generated a lot of interest in this new, challenging topic among the scientific and industry community.
The conference program is here.
If you are interested in more details, please send me an e-mail.