A Quantitative Decision Support Model for Security and Business Continuity Management

  • Chapter
Securing Electronic Business Processes

Abstract

Risks and the business impact of a critical event are often difficult to quantify. In many cases, the strategic decisions with regard to mitigating risk and minimising financial damage must be taken on the basis of qualitative estimates and expert opinion. However, formulating a continuity and security strategy requires quantitative support across several dimensions: temporal, financial and systemic thresholds must be defined to ensure the optimum level of investment. The paper outlines a strategic decision support model for quantifying risk and business impact. It is further shown how the resulting risk management decisions of the firm can be optimised, and how typical problems of event (disaster) frequency and severity can be resolved. The paper builds on earlier research in audit, insurance and business continuity management to present an innovative approach towards this well-known problem.

Copyright information

© 2004 Friedr. Vieweg & Sohn Verlagsgesellschaft/GWV Fachverlage GmbH, Wiesbaden

About this chapter

Cite this chapter

von Roessing, R. (2004). A Quantitative Decision Support Model for Security and Business Continuity Management. In: Securing Electronic Business Processes. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84982-3_1

  • DOI: https://doi.org/10.1007/978-3-322-84982-3_1

  • Publisher Name: Vieweg+Teubner Verlag

  • Print ISBN: 978-3-528-05887-6

  • Online ISBN: 978-3-322-84982-3

  • eBook Packages: Springer Book Archive
