Using Incident Response Trees as a Tool for Risk Management of Online Financial Services
2014 (English)In: Risk Analysis, ISSN 0272-4332, E-ISSN 1539-6924, Vol. 34, no 9, 1763-1774 p.Article in journal (Refereed) Published
The article introduces the use of probabilistic risk assessment for modeling the incident response process of online financial services. The main contribution is the creation of incident response trees, using event tree analysis, which provides us with a visual tool and a systematic way to estimate the probability of a successful incident response process against the currently known risk landscape, making it possible to measure the balance between front-end and back-end security measures. The model is presented using an illustrative example, and is then applied to the incident response process of a Swedish bank. Access to relevant data is verified and the applicability and usability of the proposed model is verified using one year of historical data. Potential advantages and possible shortcomings are discussed, referring to both the design phase and the operational phase, and future work is presented.
Place, publisher, year, edition, pages
2014. Vol. 34, no 9, 1763-1774 p.
Event tree analysis, fraud, incident response, online services, risk management
Economics and Business
IdentifiersURN: urn:nbn:se:kth:diva-158847DOI: 10.1111/risa.12195ISI: 000345321000015OAI: oai:DiVA.org:kth-158847DiVA: diva2:781367
QC 201501162015-01-162015-01-122015-11-03Bibliographically approved