2010 Poster Sessions : Quantitative Models for Security Risk Management in Information Technology-Intensive Organizations

Student Name : Jeff Mounzer
Advisor : Nicholas Bambos
Research Areas: Information Systems
Abstract:
Security risk management is becoming increasingly important in areas related to information technology (IT), such as telecommunications, cloud computing, banking information systems, etc. Most approaches to security risk management currently used in industry are relatively ad hoc and qualitative in nature. We consider the problem of developing systematic quantitative frameworks for security risk management, which integrate risk modeling, assessment, and mitigation through mathematical techniques such as dynamic programming and diffusion processes over graphs. Approaching the problem in this way can shed light on the complex interconnected nature of security risks across the various components of an IT organization, providing decision-making support to the risk manager. The effectiveness of such frameworks is demonstrated through numerical studies which show that these techniques have significant cost-saving potential.

Bio:
Jeffrey Mounzer is a 2nd year PhD student working with Nick Bambos in Stanford University’s Information Systems Laboratory. He received a B.S. in Electrical Engineering and a B.A. in Economics from the University of California, San Diego in 2008. His current research interests include risk management for organizations with complex networked structures, distributed power control for wireless networks, and optimization and control for smart grid applications.