Modeling and Simulation of Selected Operational IT Risks in the Banking Sector (Extended Version)

International banks need to estimate their operational risks due to external regulations. Based on their estimations they need to provide private capital to cover potential losses caused by these risks. Therefore, operational risks need to be properly measured and managed in order to reduce the required private capital. In this paper we discuss operational risks related to a typical banking business process that is enabled by an IT landscape. We present how risks related to the operational behavior of the IT landscape can be simulated. The simulation results help to estimate risk measures like the expected loss, the value-at-risk and the expected shortfall. We further sketch how control theory can be used to actively manage the dynamic reconguration of a service landscape, in order to minimize modeled operational risks. First experimental simulation results illustrate our approach.