Quantitative Risk Analysis and Evaluation in Information Systems: A Case Study

Authors:
Young-Gab Kim;Jongin Lim
Affiliations:
Graduate School of Information Management and Security, Center for Information Security Technologies (CIST), Korea University, 1, 5-ga, Anam-dong, SungBuk-gu, 136-701, Seoul, Korea;Graduate School of Information Management and Security, Center for Information Security Technologies (CIST), Korea University, 1, 5-ga, Anam-dong, SungBuk-gu, 136-701, Seoul, Korea
Venue:
ICCS '07 Proceedings of the 7th international conference on Computational Science, Part III: ICCS 2007
Year:
2007

Citing 4
Cited 0

Agent-oriented technology in support of e-business

Communications of the ACM
Probability and statistics with reliability, queuing and computer science applications

Probability and statistics with reliability, queuing and computer science applications
A security risk analysis model for information systems

AsiaSim'04 Proceedings of the Third Asian simulation conference on Systems Modeling and Simulation: theory and applications
A probabilistic approach to estimate the damage propagation of cyber attacks

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

The rapid growth of the Internet technology has encouraged organizations to protect their information assets. Furthermore, the need for risk analysis has become very important for organizations. However, the existing risk analysis just presents the guidelines that can be used to determine the security measures but do not support how to evaluate the risks quantitatively. Therefore, in this paper, the quantitative risk evaluation model based on the Markov process, especially for the case of interrelated threats, is proposed. In addition, in order to analyze the relationship between threats, the basic analysis method using the covariance and the correlation coefficient is presented.