A new quantitative approach for information security risk assessment

Cited by: 6
Authors
Asosheh, Abbas [1]
Dehmoubed, Bijan [2]
Khani, Amir [2]
Affiliations
[1] Tarbiat Modares Univ, Dept Ind Engn, Tehran, Iran
[2] Univ Tehran, Fac Management, Dept Informat Technol Management, Tehran 14174, Iran
Source
2009 2ND IEEE INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY, VOL 2 | 2009
Keywords
information security; information asset; risk assessment; return on investment
DOI
10.1109/ICCSIT.2009.5234391
Chinese Library Classification
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
This article presents a new quantitative approach for assessing the overall information security risks in the real business environment. The new approach is based on the Microsoft and Callio Secura approaches, which are common and practical approaches in the world. The advantage of this approach is that the organization can determine its business risk and the return on security investment.
Pages: 222 / +
Page count: 2