Quantification, Optimization and Uncertainty Modeling in Information Security Risks: A Matrix-Based Approach

Sanjay Goel, Eitel J.M. Lauría
Copyright: © 2010 | Volume: 23 | Issue: 2 | Pages: 20
ISSN: 1040-1628 | EISSN: 1533-7979 | EISBN13: 9781609603779 | DOI: 10.4018/irmj.2010040103
Cite Article

MLA

Goel, Sanjay, and Eitel J.M. Lauría. "Quantification, Optimization and Uncertainty Modeling in Information Security Risks: A Matrix-Based Approach." IRMJ vol.23, no.2 2010: pp.33-52. http://doi.org/10.4018/irmj.2010040103

APA

Goel, S. & Lauría, E. J. (2010). Quantification, Optimization and Uncertainty Modeling in Information Security Risks: A Matrix-Based Approach. Information Resources Management Journal (IRMJ), 23(2), 33-52. http://doi.org/10.4018/irmj.2010040103

Chicago

Goel, Sanjay, and Eitel J.M. Lauría. "Quantification, Optimization and Uncertainty Modeling in Information Security Risks: A Matrix-Based Approach," Information Resources Management Journal (IRMJ) 23, no.2: 33-52. http://doi.org/10.4018/irmj.2010040103


Abstract

In this paper, the authors present a quantitative model for estimating security risk exposure for a firm. The model includes a formulation for the optimization of controls as well as for determining the sensitivity of the exposure of assets to different threats. The model uses a series of matrices to organize the data as groups of assets, vulnerabilities, threats, and controls. The matrices are then linked such that data is aggregated in each matrix and cascaded across the other matrices. The computations are reversible and transparent, allowing analysts to answer what-if questions on the data. The exposure formulation is based on the Annualized Loss Expectancy (ALE) model, and uncertainties in the data are captured via Monte Carlo simulation. A mock case study based on a government agency is used to illustrate this methodology.
