Business driven ICT risk management in the banking domain with RACOMAT

Bringing business risk management and technical security risk management together is one of the major challenges banks currently struggle with in order to increase their resilience against cyber security threats. This short paper presents a systematic approach for such an integrated security risk management which is currently developed in cooperation with a system-relevant bank. The approach uses well known methods and existing standards, it takes advantage of knowledge databases and available generic domain specific models. A first case study has just started. With tool support and especially with a high level of automation the presented approach might become applicable even for large banks