Abstract
In the paper, we presented the method of safeguard selection for the effective risk mitigation using a qualitative method. We provided the suitable selection method of safeguard’s method/technique according to risk type, and performed cost-benefit analysis. In the selection of the safeguard method, we recommended the suitable method among risk avoidance, transference, prevention, threats reduction and impacts reduction, etc. according to risk type. After selecting the safeguard method, we chose the safeguard technique considering organization’s IT system capability such as IT system and network structure, functionality, exclusiveness and achievability of safeguard, etc. And then, we applied the safeguard technique to the safeguard method for implement effective security technology. We performed cost-benefit analysis with candidate safeguards, considering organization’s security budget. As performing this procedure, we can decide optimal safeguards with methods and techniques against risk’s types before implementing safeguards. We also can prevent redundant works and security budgets waste as analyzing the efficiency of existing safeguard. Lastly, we reflected the organization’s CEO opinions to require special safeguards for the specific information system related to their core business.
This research was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ISO/IEC, T.R.: 13335(Part 1): Concepts and Models for IT Security, ISO/IEC JTC1/SC 27 (1996)
ISO/IEC TR 13335(Part 2): Managing and Planning IT Security, ISO/IEC JTC1/SC 27 (1997)
ISO/IEC TR 13335(Part 3):Techniques for the Management of IT Security, ISO/IEC JTC1/SC 27 (1997)
NIST Special Publication 800-30: Computer Security-Risk Management Guide, NIST (2001)
Jenkins, B.D.: Security risk analysis and management. Countermeasures, Inc. (1998)
BS 7799-Guide to Risk Assessment and Risk management. BSI (1998)
Alberts, C.J., et al.: OCTAVE: Operationally Critical Threat, Asset, and Vulnerability Evaluation. Software Engineering Institute Carnegie Mellon (1999)
CSE MG-3: A Guide to Risk Assessment and Safeguard Selection For Information Technology Systems. Communications Security Establishment (January 1996)
Risk Analysis and Management Standards for Public Information Systems Security-Concepts and Models, TTA-Korea (1998)
Risk Analysis and Management Standards for Public Information Systems Security-Risk Analysis, TTA-Korea (2000)
Eom, J.H., Lee, S.H., Chung, T.M.: A study on the Simplified Cost-Benefit Analysis to Select Safeguards against Risks in the Risk Management. In: SAM 2002, June 2002, pp. 292–297 (2002)
Ramamoorthy, C.V., Chandra, C., Ishihara, S., Ng, Y.: Knowledge Based Tools for Risk Assessment in software Development and Reuse, pp. 364–371. IEEE, Los Alamitos (1993)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Eom, JH., Lee, SH., Lim, HJ., Chung, TM. (2006). Qualitative Method-Based the Effective Risk Mitigation Method in the Risk Management. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3981. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751588_26
Download citation
DOI: https://doi.org/10.1007/11751588_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34072-0
Online ISBN: 978-3-540-34074-4
eBook Packages: Computer ScienceComputer Science (R0)