Using incident response trees as a tool for risk management of online financial services

<?xml version="1.0" encoding="UTF-8"?><modsCollection xmlns="http://www.loc.gov/mods/v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.loc.gov/mods/v3 http://www.loc.gov/standards/mods/v3/mods-3-8.xsd">
<mods version="3.8">
<titleInfo>
<title>Using incident response trees as a tool for risk management of online financial services</title>
</titleInfo>
<name type="personal" usage="primary" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20140025510">
<namePart>Gorton, Dan</namePart>
<nameIdentifier>MAPA20140025510</nameIdentifier>
</name>
<typeOfResource>text</typeOfResource>
<genre authority="marcgt">periodical</genre>
<originInfo>
<place>
<placeTerm type="code" authority="marccountry">esp</placeTerm>
</place>
<dateIssued encoding="marc">2014</dateIssued>
<issuance>serial</issuance>
</originInfo>
<language>
<languageTerm type="code" authority="iso639-2b">spa</languageTerm>
</language>
<physicalDescription>
<form authority="marcform">print</form>
</physicalDescription>
<abstract displayLabel="Summary">The article introduces the use of probabilistic risk assessment for modeling the incident response process of online financial services. The main contribution is the creation of incident response trees, using event tree analysis, which provides us with a visual tool and a systematic way to estimate the probability of a successful incident response process against the currently known risk landscape, making it possible to measure the balance between front-end and back-end security measures. The model is presented using an illustrative example, and is then applied to the incident response process of a Swedish bank. Access to relevant data is verified and the applicability and usability of the proposed model is verified using one year of historical data. Potential advantages and possible shortcomings are discussed, referring to both the design phase and the operational phase, and future work is presented.</abstract>
<note type="statement of responsibility">Dan Gorton</note>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080591182">
<topic>Gerencia de riesgos</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080601522">
<topic>Evaluación de riesgos</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080611613">
<topic>Modelos probabílisticos</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080574628">
<topic>Árbol de sucesos</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080603908">
<topic>Servicios financieros</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080579159">
<topic>Banca electrónica</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080541064">
<topic>Fraude</topic>
</subject>
<subject xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="MAPA20080571566">
<topic>Casos prácticos</topic>
</subject>
<classification authority="">7</classification>
<relatedItem type="host">
<titleInfo>
<title>Risk analysis : an international journal</title>
</titleInfo>
<originInfo>
<publisher>McLean, Virginia : Society for Risk Analysis, 1987-2015</publisher>
</originInfo>
<identifier type="issn">0272-4332</identifier>
<identifier type="local">MAP20077000345</identifier>
<part>
<text>01/09/2014 Volumen 34 Número 9 - septiembre 2014 , p. 1763-1774</text>
</part>
</relatedItem>
<recordInfo>
<recordContentSource authority="marcorg">MAP</recordContentSource>
<recordCreationDate encoding="marc">141118</recordCreationDate>
<recordChangeDate encoding="iso8601">20150130130248.0</recordChangeDate>
<recordIdentifier source="MAP">MAP20140042722</recordIdentifier>
<languageOfCataloging>
<languageTerm type="code" authority="iso639-2b">spa</languageTerm>
</languageOfCataloging>
</recordInfo>
</mods>
</modsCollection>