Search

Using incident response trees as a tool for risk management of online financial services

<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.loc.gov/MARC21/slim http://www.loc.gov/standards/marcxml/schema/MARC21slim.xsd">
  <record>
    <leader>00000cab a2200000   4500</leader>
    <controlfield tag="001">MAP20140042722</controlfield>
    <controlfield tag="003">MAP</controlfield>
    <controlfield tag="005">20150130130248.0</controlfield>
    <controlfield tag="008">141118e20140901esp|||p      |0|||b|spa d</controlfield>
    <datafield tag="040" ind1=" " ind2=" ">
      <subfield code="a">MAP</subfield>
      <subfield code="b">spa</subfield>
      <subfield code="d">MAP</subfield>
    </datafield>
    <datafield tag="084" ind1=" " ind2=" ">
      <subfield code="a">7</subfield>
    </datafield>
    <datafield tag="100" ind1="1" ind2=" ">
      <subfield code="0">MAPA20140025510</subfield>
      <subfield code="a">Gorton, Dan</subfield>
    </datafield>
    <datafield tag="245" ind1="1" ind2="0">
      <subfield code="a">Using incident response trees as a tool for risk management of online financial services</subfield>
      <subfield code="c">Dan Gorton</subfield>
    </datafield>
    <datafield tag="520" ind1=" " ind2=" ">
      <subfield code="a">The article introduces the use of probabilistic risk assessment for modeling the incident response process of online financial services. The main contribution is the creation of incident response trees, using event tree analysis, which provides us with a visual tool and a systematic way to estimate the probability of a successful incident response process against the currently known risk landscape, making it possible to measure the balance between front-end and back-end security measures. The model is presented using an illustrative example, and is then applied to the incident response process of a Swedish bank. Access to relevant data is verified and the applicability and usability of the proposed model is verified using one year of historical data. Potential advantages and possible shortcomings are discussed, referring to both the design phase and the operational phase, and future work is presented.</subfield>
    </datafield>
    <datafield tag="650" ind1=" " ind2="4">
      <subfield code="0">MAPA20080591182</subfield>
      <subfield code="a">Gerencia de riesgos</subfield>
    </datafield>
    <datafield tag="650" ind1=" " ind2="4">
      <subfield code="0">MAPA20080601522</subfield>
      <subfield code="a">Evaluación de riesgos</subfield>
    </datafield>
    <datafield tag="650" ind1=" " ind2="4">
      <subfield code="0">MAPA20080611613</subfield>
      <subfield code="a">Modelos probabílisticos</subfield>
    </datafield>
    <datafield tag="650" ind1=" " ind2="4">
      <subfield code="0">MAPA20080574628</subfield>
      <subfield code="a">Árbol de sucesos</subfield>
    </datafield>
    <datafield tag="650" ind1=" " ind2="4">
      <subfield code="0">MAPA20080603908</subfield>
      <subfield code="a">Servicios financieros</subfield>
    </datafield>
    <datafield tag="650" ind1=" " ind2="4">
      <subfield code="0">MAPA20080579159</subfield>
      <subfield code="a">Banca electrónica</subfield>
    </datafield>
    <datafield tag="650" ind1=" " ind2="4">
      <subfield code="0">MAPA20080541064</subfield>
      <subfield code="a">Fraude</subfield>
    </datafield>
    <datafield tag="650" ind1=" " ind2="4">
      <subfield code="0">MAPA20080571566</subfield>
      <subfield code="a">Casos prácticos</subfield>
    </datafield>
    <datafield tag="773" ind1="0" ind2=" ">
      <subfield code="w">MAP20077000345</subfield>
      <subfield code="t">Risk analysis : an international journal</subfield>
      <subfield code="d">McLean, Virginia : Society for Risk Analysis, 1987-2015</subfield>
      <subfield code="x">0272-4332</subfield>
      <subfield code="g">01/09/2014 Volumen 34 Número 9 - septiembre 2014 , p. 1763-1774</subfield>
    </datafield>
  </record>
</collection>