Skip to main content
SpringerLink
Log in

Security Risk Vector for Quantitative Asset Assessment

  • Conference paper
Computational Science and Its Applications – ICCSA 2005 (ICCSA 2005)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3481))

Included in the following conference series:

Abstract

There are standard risk analysis methodologies like GMITS and ISO17799, but new threats and vulnerabilities appear day by day because the IT organizations, its infrastructure, and its environment are changing. Accordingly, the methodologies must evolve in step with the change. Risk analysis methods are generally composed of asset identification, vulnerability analysis, safeguard identification, risk mitigation, and safeguard implementation. As the first process, the asset identification is important because the target scope of risk analysis is defined. This paper proposes a new approach, security risk vector, for evaluating assets quantitatively. A case study is presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Carnegie Mellon Software Engineering Institute, OCATVE Criteria, Version 2.0

    Google Scholar 

  2. BSI, BS7799 - Code of Practice for Information Security Management, British Standards Institute (1999)

    Google Scholar 

  3. General Accounting Office, Information Security Risk Assessment - Practices of Leading Organizations, Exposure Draft, U.S. General Accounting Office (August 1999)

    Google Scholar 

  4. ISO/IEC JTC 1/SC27,Information technology - Security technique - Guidelines for the management of IT security (GMITS) - Part 3: Techniques for the management of IT security, ISO/IEC JTC1/SC27 N1845, 12. 1 (1997)

    Google Scholar 

  5. Solm, R.: Information Security Management (2): Guidelines to The Management of Information Technology Security (GMITS). Information Management & Computer Security 6(5), 221–223 (1998); 11–21 (1999)

    Google Scholar 

  6. NIST, Risk Management Guide for Technology Systems, NIST-SP-800-30 (October 2001)

    Google Scholar 

  7. FIPS-65, Guidelines for Automatic Data Processing Risk Analysis, NIST (1975)

    Google Scholar 

  8. CRAMM, A Practitioner’s View of CRAMM, http://www.gammassl.co.uk/

Download references

Author information

Authors and Affiliations

  1. Electronics and Telecommunication Research Institute, Republic of Korea, Daejon, South Korea

    Yoon Jung Chung, InJung Kim & NamHoon Lee

  2. Department of Computer Science and Engineering, Korea University, Seoul, South Korea

    Taek Lee & Hoh Peter In

Authors
  1. Yoon Jung Chung
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. InJung Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. NamHoon Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Taek Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Hoh Peter In
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Mathematics and Computer Science, University of Perugia, via Vanvitelli, 1, I-06123, Perugia, Italy

    Osvaldo Gervasi

  2. Department of Computer Science, University of Calgary, 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada

    Marina L. Gavrilova

  3. William Norris Professor, Head of the Computer Science and Engineering Department, University of Minnesota, USA

    Vipin Kumar

  4. Department of Chemistry, University of Perugia, Via Elce di Sotto, 8, P.O. Box, I-06123, Perugia, Italy

    Antonio Laganà

  5. Institute of High Performance Computing, IHCP, 1 Science Park Road, 01-01 The Capricorn, Singapore Science Park II, 117528, Singapore

    Heow Pueh Lee

  6. School of Computing, Soongsil University, Seoul, Korea

    Youngsong Mun

  7. Clayton School of IT, Monash University, 3800, Clayton, Australia

    David Taniar

  8. OptimaNumerics Ltd, P.O. Box, Belfast, United Kingdom

    Chih Jeng Kenneth Tan

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chung, Y.J., Kim, I., Lee, N., Lee, T., In, H.P. (2005). Security Risk Vector for Quantitative Asset Assessment. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424826_29

Download citation

  • DOI: https://doi.org/10.1007/11424826_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25861-2

  • Online ISBN: 978-3-540-32044-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation