Supporting vulnerability awareness in autonomic networks and systems with OVAL
Proceedings of the 7th International Conference on Network and Services Management
Planning in the large: efficient generation of IT change plans on large infrastructures
Proceedings of the 8th International Conference on Network and Service Management
Collaborative remediation of configuration vulnerabilities in autonomic networks and systems
Proceedings of the 8th International Conference on Network and Service Management
| Hi-index | 0.00 |
In the Change Management process within IT Service Management, some activities need to evaluate the risk exposure associated with changes to be made to the infrastructure and services. The paper presents a method to evaluate risk exposure associated with a change. Further, we show how to use the risk exposure metric to automatically assign priorities to changes. The formal model developed for this purpose captures the business perspective by using financial metrics in the evaluation of risk. Thus the method is an example of Business-Driven IT Management. A case study, performed in conjunction with a large IT service provider, is reported and provides good results when compared to decisions made by human managers.