Information Security Risk Assessment by using Bayesian Learning Technique

The organisations need an information security risk management to evaluate asset's values and related risks. The risk management is usually a human activity which includes risk assessment, strategy development and risk mitigation by using managerial resources. The significant part of risk assessment which identifies threats and vulnerabilities, is very relevant to the past incidents, their likelihood and impacts. The problem is the risk identification and evaluation of new assets according to their properties, current security controls and consequences of before incidents. According to this problem, a system that could assist experts or works on behalf of them to assess the risks during the normal working processes is required. The system should be reactive and autonomous because it is needed to respond immediately and independently of events. An intelligent software agent is the best solution for this aim. It learns risk of past experiences regarding to risk factors and asset's properties, and predicts the probability of new risk for a new instance. This article will describe an intelligent system which is based on Bayesian Learning Technique for Information Security Risk Assessment.