Quantitative Real-Time Organizational IT Risk Management

Up to now, no meaningful service-oriented risk management solutions exist because it is exceedingly difficult to make a serious assessment of risk in complex systems. Moreover, interdependencies in such a system require efficient techniques to correctly estimate and assess risks.

The main objective of the Decision Cockpit project, a cooperation between Deutsche Telekom Laboratories, Stanford University and DAI-Labor, is to model service-oriented risk management to get a holistic view of security, technological, business, and finance aspects of services, to provide better control over the risk, and to provide better risk mitigation approaches.

Decision Cockpit utilizes an extensive set of approaches from game theory, decision & control theory, statistics, machine learning and simulation to create meaningful tools for enhancing the process of service-oriented risk management. Resulting decisions and recommendations should consider the exposure that may result if a risk is not treated vs. the benefit if it is addressed, or the potential reward that may accrue if opportunities are taken vs. missed benefits if opportunities are foregone.

Furthermore, the approaches developed in Decision Cockpit will provide means to deal with complex interdependencies between assets and processes which result in unexpected risk transfers, where intuitive risk prioritization is inadequate and needs to be augmented with continuous interdependency analysis.

Based on these concepts, a framework will be developed to provide a uniform collaboration platform for the technologies produced by all parties involved in the project. The NeSSi²-based demonstrator will prove the impact of service oriented risk management scenarios that can be adapted based on the theoretical models and tools developed by the partners.

Recommendations will help evolve the process of service-oriented risk management as well as management guidance. Beyond the state-of-the-art, service oriented risk management will improve the quality of products and architectures in Deutsche Telekom. Additionally, risk assessment techniques will be beneficial in the design phase of the new products, services, applications and systems as well as on those obtained from external vendors.