Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Friday, April 29, 2011

Identity and Security Analytics: Paper Accepted at IEEE Policy 2011 Symposium

We got a paper accepted at the IEEE Policy 2011 Symposium focusing on the Identity and Security Analytics work we did with a major HP customer:

“Marco Casassa Mont, Richard Brown
Risk Assessment and Decision Support for Security Policies and Related Enterprise Operational Processes”

The abstract of the paper follows:

“This paper presents and discusses our work to provide organizations with risk assessment and decision support capabilities when dealing with their strategic security policies. We aim at achieving this by using a rigorous and scientific methodology (and tools) which leverages modeling and simulation techniques. This methodology helps organizations to assess their risk exposure. It factors in policy implementation at the operational level along with relevant threats, processes, interactions and people behaviors. It provides “what-if” analysis by illustrating the consequences of making policy changes and investments. We introduce our methodology and tools and then illustrate how this approach has been successfully used in a real case study with one of our major customers. This case study focused on the organization’s access management processes and related policies: it helped to inform strategic security policies and support changes of current processes. Additional work is planned in this space.”


--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

No comments: