Abstract
Loss measurement for personal information breach incidents can serve as a basis for decisions about information security investments, so reasonable loss measurement is important in determining information security policies. However, previous research has focused on estimating the amount of loss incurred after incidents. To serve as base data for decision making, loss measurement should include the factors that cause incidents, before incidents occur. In this paper, we propose a loss measurement model based on an improved FAIR (Factor Analysis of Information Risk) risk analysis methodology. Additionally, we verify the effectiveness of the proposed model by applying it to a large-scale personal information leakage case.
© 2015 Springer Science+Business Media Singapore
About this paper
Cite this paper
Yun, J.H., Cho, I.H., Lee, K.H. (2015). FAIR-Based Loss Measurement Model for Enterprise Personal Information Breach. In: Park, DS., Chao, HC., Jeong, YS., Park, J. (eds) Advances in Computer Science and Ubiquitous Computing. Lecture Notes in Electrical Engineering, vol 373. Springer, Singapore. https://doi.org/10.1007/978-981-10-0281-6_116
DOI: https://doi.org/10.1007/978-981-10-0281-6_116
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-0280-9
Online ISBN: 978-981-10-0281-6
eBook Packages: Computer Science, Computer Science (R0)