Information Security Governance Analysis Using Probabilistic Relational Models

The presentation will concern my current research project aiming at developing a Probabilistic Relational Model (PRM) to support analysis of Information Security Governance (ISG) in an organization. The awareness of the important aspects of information security that ISG covers has increased among companies as it provides a holistic approach to protection of organizational assets. ISG considers components such as management commitment, organizational structures, user awareness, policies, processes, and technologies. In order to increase the understanding of the ISG structure and the dependencies between its different components, but also to perform various kinds of analysis, architectural models can be employed. This paper proposes the use of Probabilistic Relational Models (PRM) for analyzing process capability of mitigating information security vulnerabilities. Using the PRM enables inference between different ISG components expressed in probabilities, and also inference on the process capability. A concrete PRM which exemplifies how to govern the Risk process will further be presented, and thus showing how the PRM can be adapted to fit the analysis of a specific process in an organizational environment.