ISRAM: information security risk analysis method

Cited by: 118
Authors
Karabacak, B
Sogukpinar, I
Affiliations
[1] UEKAE, Natl Res Inst Elect & Cryptol, TR-41470 Gebze, Kocaeli, Turkey
[2] Gebze Inst Technol, TR-41400 Gebze, Kocaeli, Turkey
Keywords
information security; risk analysis; quantitative risk analysis; paper-based risk analysis; risk model;
DOI
10.1016/j.cose.2004.07.004
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
The continuously changing nature of the technological environment forces the process of information security risk analysis to be revised accordingly. A number of quantitative and qualitative risk analysis methods have been proposed by researchers and vendors. The purpose of these methods is to analyze today's information security risks properly. Some of these methods are supported by a software package. In this study, a survey-based quantitative approach is proposed to analyze the security risks of information technologies, taking current necessities into consideration. The new method is named the Information Security Risk Analysis Method (ISRAM). A case study has shown that ISRAM yields consistent results in a reasonable time period while allowing the participation of the manager and staff of the organization. (c) 2004 Elsevier Ltd. All rights reserved.
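As an added illustration (not code from the paper, whose equations this entry does not reproduce), the following computes a survey-based quantitative risk score in the general shape the abstract describes: the probability factor and the consequence factor each come from a questionnaire answered by managers and staff, answers are mapped onto a numeric scale and averaged over participants, and a spread check flags a survey whose participants disagree so widely that the "consistent results" the abstract claims would not hold. The five-point answer scale, question weights, risk-level cut-offs, spread threshold and sample answers are all assumptions made for this example.

```python
"""Survey-based quantitative risk scoring (added example).

The scale, weights, cut-offs and threshold below are assumptions for
illustration; they are not ISRAM's own equations.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

# Assumed 5-point answer scale shared by every survey question.
ANSWER_SCALE = {"very low": 1, "low": 2, "medium": 3, "high": 4, "very high": 5}

# Assumed spread (population std. dev. of participant scores) above which
# the survey is treated as inconsistent and should be discussed and re-run.
MAX_SPREAD = 1.0


@dataclass(frozen=True)
class Question:
    text: str
    weight: int  # relative importance assigned by the analyst


def participant_score(questions, answers):
    """Weighted average (1..5) of one participant's answers to a survey."""
    total = sum(q.weight for q in questions)
    return sum(q.weight * ANSWER_SCALE[answers[q.text]] for q in questions) / total


def survey_factor(questions, surveys):
    """Mean score over all participants, plus the spread between them."""
    scores = [participant_score(questions, s) for s in surveys]
    return mean(scores), pstdev(scores)


def risk_level(score):
    """Map a 1..25 probability x consequence product to a label (assumed cut-offs)."""
    if score < 5:
        return "low"
    if score < 10:
        return "medium"
    if score < 17:
        return "high"
    return "very high"


def analyse(prob_questions, prob_surveys, cons_questions, cons_surveys):
    """Risk = probability factor x consequence factor, each from its own survey."""
    p, p_spread = survey_factor(prob_questions, prob_surveys)
    c, c_spread = survey_factor(cons_questions, cons_surveys)
    risk = p * c
    return {
        "probability": p,
        "consequence": c,
        "risk": risk,
        "level": risk_level(risk),
        # Both surveys must agree closely enough for the number to be trusted.
        "consistent": p_spread <= MAX_SPREAD and c_spread <= MAX_SPREAD,
    }


# Constructed sample input: three staff answer the probability survey,
# two managers answer the consequence survey.
PROB_QUESTIONS = [
    Question("Unpatched services are exposed to the Internet", 3),
    Question("Staff share account passwords", 2),
    Question("Security logs are not reviewed centrally", 1),
]
PROB_SURVEYS = [
    {PROB_QUESTIONS[0].text: "high", PROB_QUESTIONS[1].text: "medium", PROB_QUESTIONS[2].text: "high"},
    {PROB_QUESTIONS[0].text: "high", PROB_QUESTIONS[1].text: "high", PROB_QUESTIONS[2].text: "very high"},
    {PROB_QUESTIONS[0].text: "medium", PROB_QUESTIONS[1].text: "medium", PROB_QUESTIONS[2].text: "high"},
]
CONS_QUESTIONS = [
    Question("Customer data would be disclosed", 3),
    Question("Core service would be down for more than a day", 2),
]
CONS_SURVEYS = [
    {CONS_QUESTIONS[0].text: "very high", CONS_QUESTIONS[1].text: "high"},
    {CONS_QUESTIONS[0].text: "high", CONS_QUESTIONS[1].text: "medium"},
]

SAMPLE_RESULT = analyse(PROB_QUESTIONS, PROB_SURVEYS, CONS_QUESTIONS, CONS_SURVEYS)

if __name__ == "__main__":
    for key, value in SAMPLE_RESULT.items():
        print(f"{key}: {value}")
```

Keeping probability and consequence as separate questionnaires lets the people who know each side best answer it (operations staff on likelihood, management on business impact), which is the participation the abstract points to; the spread check is what turns "several opinions" into something defensible, because a score built from answers that disagree by two scale points hides a dispute rather than measuring a risk.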
Pages: 147-159
Page count: 13