Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
A Novel Security Risk Evaluation for Information Systems
FCST '07 Proceedings of the 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology
Assessing the risk of intercepting VoIP calls
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
Recently, organizations around the world are becoming aware of the need to run risk management programs in order to enhance their information security. However, the majority of the existing qualitative/empirical methods fail to adhere to the terminology defined by ISO 27000-series and treat deliberate threats in a misleading way. In this paper, a quantitative risk analysis approach for deliberate threats is introduced. The proposed approach follows the steps suggested by the ISO 27005 standard for risk management, extending them in order to focus on deliberate threats and the different information security incidents that realize them. It is based on three-levels: the conceptual foundation level, the modeling tools level and the mathematical foundation level. The conceptual foundation level defines and analyzes the terminology involved, using unified modeling language (UML) class diagrams. The modeling tools level introduces certain tools that assist in modeling the relations among different concepts. Finally, the mathematical foundation level includes all the different mathematical formulas and techniques used to estimate risk values for each threat.