Abstract
There are standard risk analysis methodologies like GMITS and ISO17799, but new threats and vulnerabilities appear day by day because the IT organizations, its infrastructure, and its environment are changing. Accordingly, the methodologies must evolve in step with the change. Risk analysis methods are generally composed of asset identification, vulnerability analysis, safeguard identification, risk mitigation, and safeguard implementation. As the first process, the asset identification is important because the target scope of risk analysis is defined. This paper proposes a new approach, security risk vector, for evaluating assets quantitatively. A case study is presented.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Carnegie Mellon Software Engineering Institute, OCATVE Criteria, Version 2.0
BSI, BS7799 - Code of Practice for Information Security Management, British Standards Institute (1999)
General Accounting Office, Information Security Risk Assessment - Practices of Leading Organizations, Exposure Draft, U.S. General Accounting Office (August 1999)
ISO/IEC JTC 1/SC27,Information technology - Security technique - Guidelines for the management of IT security (GMITS) - Part 3: Techniques for the management of IT security, ISO/IEC JTC1/SC27 N1845, 12. 1 (1997)
Solm, R.: Information Security Management (2): Guidelines to The Management of Information Technology Security (GMITS). Information Management & Computer Security 6(5), 221–223 (1998); 11–21 (1999)
NIST, Risk Management Guide for Technology Systems, NIST-SP-800-30 (October 2001)
FIPS-65, Guidelines for Automatic Data Processing Risk Analysis, NIST (1975)
CRAMM, A Practitioner’s View of CRAMM, http://www.gammassl.co.uk/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chung, Y.J., Kim, I., Lee, N., Lee, T., In, H.P. (2005). Security Risk Vector for Quantitative Asset Assessment. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424826_29
Download citation
DOI: https://doi.org/10.1007/11424826_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25861-2
Online ISBN: 978-3-540-32044-9
eBook Packages: Computer ScienceComputer Science (R0)