Abstract
Information security is essential to an organization's survival today. However, there is no integrated model that assesses security risk quantitatively and optimizes the resources used to protect an organization's information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed that includes asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and to optimize the resources used to mitigate that risk.
© 2005 Springer-Verlag Berlin Heidelberg
In, H.P., Kim, YG., Lee, T., Moon, CJ., Jung, Y., Kim, I. (2005). A Security Risk Analysis Model for Information Systems. In: Baik, DK. (eds) Systems Modeling and Simulation: Theory and Applications. AsiaSim 2004. Lecture Notes in Computer Science(), vol 3398. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30585-9_56
DOI: https://doi.org/10.1007/978-3-540-30585-9_56
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24477-6
Online ISBN: 978-3-540-30585-9