Fuzzy Sets, Fuzzy Logic, and Fuzzy Systems: Selected Papers by Lotfi A. Zadeh
A framework for comparing different information security risk analysis methodologies
SAICSIT '05 Proceedings of the 2005 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries
ICISS'05 Proceedings of the First international conference on Information Systems Security
SP 800-30. Risk Management Guide for Information Technology Systems
As enterprise information infrastructure becomes more complex and more interconnected, the number of risks to enterprise assets increases. Hence, the process of identifying, analysing, and mitigating information security risks has assumed utmost importance. This paper presents a quantitative information security risk analysis methodology for enterprises. The proposed methodology incorporates two approaches. The consolidated approach identifies risk as a single value for each asset. The detailed approach identifies the threat-vulnerability pair responsible for a risk and computes a risk factor corresponding to each security property for every asset. The assets are classified into three risk zones, namely the high-, medium- and low-risk zones. For high-risk assets, management may install high-cost infrastructure to safeguard the asset; for medium-risk assets, management may apply security policies, guidelines and procedures; for low-risk assets, management may decide not to invest anything.