Skip to main content
SpringerLink
Log in

A Security Risk Analysis Model for Information Systems

  • Conference paper
Systems Modeling and Simulation: Theory and Applications (AsiaSim 2004)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 3398))

Included in the following conference series:

Abstract

Information security is a crucial technique for an organization to survive in these days. However, there is no integrated model to assess the security risk quantitatively and optimize its resources to protect organization information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed including asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and optimize resources to mitigate the risk.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. GAO, Information Security Risk Assessment - Practices of Leading Organizations. Case Study 3, GAO/AIMD-00-33 (November 1999)

    Google Scholar 

  2. NIST, Guide for Selecting Automated Risk Analysis Tools. NIST-SP-500-174 (October 1989)

    Google Scholar 

  3. FIPS-191, Specifications for Guideline for The Analysis Local Area Network Security. NIST (November 1994)

    Google Scholar 

  4. NIST, Risk Management Guide for Information Technology Systems. NIST-SP-800-30 (2001)

    Google Scholar 

  5. FIPS-65, Guidelines for Automatic Data Processing Risk Analysis, NIST (1975)

    Google Scholar 

  6. GAO, Information Security Risk Assessment - Practices of Leading Organizations, Exposure Draft, U.S. General Accounting Office (August 1999)

    Google Scholar 

  7. BSI, BS7799 - Code of Practice for Information Security Management, British Standards Institute (1999)

    Google Scholar 

  8. CRAMM, A Practitioner’s View of CRAMM, http://www.gammassl.co.uk/

  9. ISO/IEC JTC 1/SC27, Information technology - Security technique - Guidelines for the management of IT security (GMITS) - Part 3: Techniques for the management of IT security, ISO/IEC JTC1/SC27 N1845 (1997)

    Google Scholar 

  10. Arnold, R.S., Bohner, S.A.: Impact Analysis. Towards a Framework for Comparison. In: Proceedings of Conference on Software Maintenance, pp. 292–301. IEEE CS Press, Los Alamitos (1993)

    Google Scholar 

  11. Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems. Special Publication 800-30, National Institute of Standards and Technology (October 2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Korea University, 1, 5-ga, Anam-dong, SungBuk-gu, 136-701, Seoul, Korea

    Hoh Peter In, Young-Gab Kim & Taek Lee

  2. Center for the Information Security Technology, Korea University, 1, 5-ga, Anam-dong, SungBuk-gu, 136-701, Seoul, Korea

    Chang-Joo Moon

  3. National Security Research Institute, 62-1 HwaAm-dong, YuSeong-gu, 305-718, Daejeon, Korea

    Yoonjung Jung & Injung Kim

Authors
  1. Hoh Peter In
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Young-Gab Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Taek Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chang-Joo Moon
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yoonjung Jung
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Injung Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science & Engineering, Korea University, 1, 5-ga, Anam-dong, SungBuk-gu, 136-701, Seoul, Korea

    Doo-Kwon Baik

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

In, H.P., Kim, YG., Lee, T., Moon, CJ., Jung, Y., Kim, I. (2005). A Security Risk Analysis Model for Information Systems. In: Baik, DK. (eds) Systems Modeling and Simulation: Theory and Applications. AsiaSim 2004. Lecture Notes in Computer Science(), vol 3398. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30585-9_56

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30585-9_56

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24477-6

  • Online ISBN: 978-3-540-30585-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation