Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Thursday, February 3, 2011

New HP Labs Report: Risk Assessment and Decision Support for Security Policies and Related Enterprise Operational Processes

We recently published a new HPL Technical Report illustrating the practical usage of Security Analytics in a case study involving one of our major customers:
“Marco Casassa Mont, Richard Brown - Risk Assessment and Decision Support for Security Policies and Related Enterprise Operational Processes”
The paper abstract follows:
“This paper presents and discusses our work to provide organizations with risk assessment and decision support capabilities when dealing with their strategic security policies. Traditional work in the policy management space primarily focuses on technical languages and frameworks to manage and enforce operational policies. These contributions are important but they do not address strategic decision makers’ needs and questions such as: What business and security risks is my organization exposed to, due to the current security policies and related operational processes? How effectively are these policies enforced at the operational level? What is the impact of changing them? We aim at providing strategic decision support in this space by using a rigorous and scientific methodology (and tools) which leverages modeling and simulation techniques. This methodology helps organizations to assess their risk exposure. It factors in policy implementation at the operational level along with relevant threats, processes, interactions and people behaviors. It provides “what-if” analysis by illustrating the consequences of making policy changes and investments. We briefly introduce our methodology and tools and then ground the discussion by illustrating how this approach has been successfully used in a real case study with one of our major customers. This case study focused on the organization’s access management processes and related policies: it helped to inform strategic security policies and support changes of current access management processes. Additional work is planned in this space to further validate our approach and build template solutions for different types of organizational policies and processes.”


--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---
