A security risk analysis model for information systems

Authors:
Hoh Peter In;Young-Gab Kim;Taek Lee;Chang-Joo Moon;Yoonjung Jung;Injung Kim
Affiliations:
Department of Computer Science and Engineering, Korea University, Seoul, Korea;Department of Computer Science and Engineering, Korea University, Seoul, Korea;Department of Computer Science and Engineering, Korea University, Seoul, Korea;Center for the Information Security Technology, Korea University, Seoul, Korea;National Security Research Institute, Daejeon, Korea;National Security Research Institute, Daejeon, Korea
Venue:
AsiaSim'04 Proceedings of the Third Asian simulation conference on Systems Modeling and Simulation: theory and applications
Year:
2004

Citing 2
Cited 4

Impact Analysis - Towards a Framework for Comparison

ICSM '93 Proceedings of the Conference on Software Maintenance
SP 800-30. Risk Management Guide for Information Technology Systems

SP 800-30. Risk Management Guide for Information Technology Systems

Modeling and Simulation for Security Risk Propagation in Critical Information Systems

Computational Intelligence and Security
Quantitative Risk Analysis and Evaluation in Information Systems: A Case Study

ICCS '07 Proceedings of the 7th international conference on Computational Science, Part III: ICCS 2007
A probabilistic approach to estimate the damage propagation of cyber attacks

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Threat scenario-based security risk analysis using use case modeling in information systems

Security and Communication Networks

Quantified Score

Hi-index	0.01

Visualization

Abstract

Information security is a crucial technique for an organization to survive in these days. However, there is no integrated model to assess the security risk quantitatively and optimize its resources to protect organization information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed including asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and optimize resources to mitigate the risk.