
Business Driven ICT Risk Management in the Banking Domain with RACOMAT

  • Conference paper
  • Included in the following conference series: Risk Assessment and Risk-Driven Quality Assurance (RISK 2016)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10224)
Abstract

Bringing business risk management and technical security risk management together is one of the major challenges banks currently struggle with in order to increase their resilience against cyber security threats. This short paper presents a systematic approach to such an integrated security risk management, which is currently being developed in cooperation with a system-relevant bank. The approach uses well-known methods and existing standards, and it takes advantage of knowledge databases and available generic domain-specific models. A first case study has just started. With tool support, and especially with a high level of automation, the presented approach might become applicable even for large banks.



Author information

Corresponding author: Johannes Viehmann


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Viehmann, J. (2017). Business Driven ICT Risk Management in the Banking Domain with RACOMAT. In: Großmann, J., Felderer, M., Seehusen, F. (eds) Risk Assessment and Risk-Driven Quality Assurance. RISK 2016. Lecture Notes in Computer Science, vol 10224. Springer, Cham. https://doi.org/10.1007/978-3-319-57858-3_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-57857-6

  • Online ISBN: 978-3-319-57858-3

  • eBook Packages: Computer Science (R0)
