FAIR-Based Loss Measurement Model for Enterprise Personal Information Breach

  • Conference paper
Advances in Computer Science and Ubiquitous Computing

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 373)

Abstract

Loss measurement for personal information breach incidents can serve as a basis for decisions about information security investment, so a reasonable loss measurement is important in determining information security policy. However, previous research has focused on estimating the amount of loss incurred after an incident. To serve as base data for decision making, loss measurement should also include the factors that cause incidents, before the incidents occur. In this paper, we propose a loss measurement model based on an improved FAIR (Factor Analysis of Information Risk) risk analysis methodology. Additionally, we verify the effectiveness of the proposed model by applying it to a large-scale personal information leakage case.

Corresponding author

Correspondence to Kyung Ho Lee.

Copyright information

© 2015 Springer Science+Business Media Singapore

About this paper

Cite this paper

Yun, J.H., Cho, I.H., Lee, K.H. (2015). FAIR-Based Loss Measurement Model for Enterprise Personal Information Breach. In: Park, DS., Chao, HC., Jeong, YS., Park, J. (eds) Advances in Computer Science and Ubiquitous Computing. Lecture Notes in Electrical Engineering, vol 373. Springer, Singapore. https://doi.org/10.1007/978-981-10-0281-6_116

  • DOI: https://doi.org/10.1007/978-981-10-0281-6_116

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-0280-9

  • Online ISBN: 978-981-10-0281-6

  • eBook Packages: Computer Science, Computer Science (R0)
