Model-Based Mitigation of Availability Risks

Emmanuele Zambon, D. Bolzoni, Sandro Etalle, Marco Salvato

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    160 Downloads (Pure)


    The assessment and mitigation of risks related to the availability of the IT infrastructure is becoming increasingly important in modern organizations. Unfortunately, present standards for Risk Assessment and Mitigation show limitations when evaluating and mitigating availability risks. This is due to the fact that they do not fully consider the dependencies between the constituents of an IT infrastructure that are paramount in large enterprises. These dependencies make the technical problem of assessing availability issues very challenging. In this paper we define a method and a tool for carrying out a Risk Mitigation activity which allows to assess the global impact of a set of risks and to choose the best set of countermeasures to cope with them. To this end, the presence of a tool is necessary due to the high complexity of the assessment problem. Our approach can be integrated in present Risk Management methodologies (e.g. COBIT) to provide a more precise Risk Mitigation activity. We substantiate the viability of this approach by showing that most of the input required by the tool is available as part of a standard business continuity plan, and/or by performing a common tool-assisted Risk Management.
    Original languageUndefined
    Title of host publicationSecond IEEE/IFIP International Workshop on Business-Driven IT Management
    Place of PublicationMunich
    PublisherIEEE Computer Society Press
    Number of pages9
    ISBN (Print)1-4244-1295-1
    Publication statusPublished - 21 May 2007
    EventSecond IEEE/IFIP International Workshop on Business-Driven IT Management, Munich, Germany: Second IEEE/IFIP International Workshop on Business-Driven IT Management - Munich
    Duration: 21 May 2007 → …

    Publication series

    PublisherIEEE Computer Society Press


    ConferenceSecond IEEE/IFIP International Workshop on Business-Driven IT Management, Munich, Germany
    Period21/05/07 → …


    • SCS-Cybersecurity
    • organisational aspects
    • EWI-9927
    • Risk Management
    • IR-67134
    • Business data processing
    • DP management
    • METIS-241638

    Cite this