Information security risk assessment model for risk management

Authors:
Dariusz Wawrzyniak
Affiliations:
University of Economics, Wroclaw, Poland
Venue:
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Year:
2006

Citing 4
Cited 1

A model for evaluating IT security investments

Communications of the ACM - Has the Internet become indispensable?
Computer security strength and risk: a quantitative approach

Computer security strength and risk: a quantitative approach
An immunological approach to change detection: algorithms, analysis and implications

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Return on Investment: Return on security investment - proving it's worth it

Network Security

Quantified security is a weak hypothesis: a critical survey of results and assumptions

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

The article presents a simple model for the information security risk assessment. There are four main elements of the model: security threats, their business impact, security measures and their costs. The security measures – threats relationship matrix is the fundamental quantitative tool for the model. The model bases on well known methods like ALE, ROSI and ISRAM but allows for establishing more flexible and more precise metrics supporting the security management process at different organizational levels.