The Improved Risk Analysis Mechanism in the Practical Risk Analysis System

  • Conference paper
Information Networking. Convergence in Broadband and Mobile Networking (ICOIN 2005)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 3391)

Abstract

A risk analysis system provides a mechanism to evaluate and analyze the potential risk level of an organization's IT system. To evaluate the risk level, the essential vulnerabilities that appear in the organization's various assets, and the threats to those assets, must be calculated. These elements (vulnerabilities, threats, and assets) are the important factors in evaluating the risk level of an organization. In this paper, we describe the design and implementation of a system that uses the practical risk analysis process we propose. Furthermore, we suggest a security countermeasure choice algorithm against the risks found in an organization. In particular, the security countermeasure choice algorithm is implemented using a genetic algorithm restricted by some important factors. We describe the design and implementation idea of the suggested genetic algorithm module. Finally, we propose the main idea of the practical risk analysis process and of the system that uses it.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hwang, S., Lee, N., Sakurai, K., Park, G., Ryou, J. (2005). The Improved Risk Analysis Mechanism in the Practical Risk Analysis System. In: Kim, C. (eds) Information Networking. Convergence in Broadband and Mobile Networking. ICOIN 2005. Lecture Notes in Computer Science, vol 3391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30582-8_87

  • DOI: https://doi.org/10.1007/978-3-540-30582-8_87

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24467-7

  • Online ISBN: 978-3-540-30582-8

  • eBook Packages: Computer Science, Computer Science (R0)
