A quantitative assessment of security risks based on a multifaceted classification approach

Cited by: 5
Authors
Jouini, Mouna [1]
Rabai, Latifa Ben Arfa [1, 2]
Khedri, Ridha [3 ]
Affiliations
[1] Univ Tunis, SMART Lab, ISG Tunis, Tunis, Tunisia
[2] Univ Buraimi, Coll Business, Al Buraimi, Oman
[3] McMaster Univ, Dept Comp & Software, Hamilton, ON, Canada
Funding
Natural Sciences and Engineering Research Council of Canada;
Keywords
Information security; Security metrics; Quantitative security assessment; Threat classification; Cloud computing; Ranking methods; Measurement scale; INFORMATION SECURITY; THREATS; MODEL;
DOI
10.1007/s10207-020-00515-6
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Information systems and cloud computing infrastructures are frequently exposed to various types of threats. Without detection and prevention mechanisms, the threats can materialize and cause different types of damages that usually lead to significant financial losses. The threats arise from a complex and multifaceted environment. Currently, organizations are struggling to identify the threats to their information assets and assess the overall damage they might inflict on their systems. In order to empower managers to better plan for shielding their information systems, the paper presents two main contributions. First, a new approach to threat classification that leads to a security assessment model that is systematic, extendable, and modular. Second, a quantitative analysis of information systems based on the model.
Pages: 493-510
Number of pages: 18
Related papers
  • [1] A quantitative assessment of security risks based on a multifaceted classification approach
    Mouna Jouini
    Latifa Ben Arfa Rabai
    Ridha Khedri
    [J]. International Journal of Information Security, 2021, 20 : 493 - 510
  • [2] THE CLASSIFICATION AND QUANTITATIVE ASSESSMENT OF INNOVATION PROJECT RISKS
    Kulik, Y. A.
    Volovich, V. N.
    Privalov, N. G.
    Kozlovsky, A. N.
    [J]. JOURNAL OF MINING INSTITUTE, 2012, 197 : 124 - 128
  • [3] Security Assessment of Clickjacking Risks in Web Applications: Metrics Based Approach
    Shahriar, Hossain
    Haddad, Hisham
    [J]. 30TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, VOLS I AND II, 2015, : 791 - 797
  • [4] A Quantitative Assessment Approach to COTS Component Security
    Chen, Jinfu
    Lu, Yansheng
    Wang, Huanhuan
    Mao, Chengying
    [J]. MATHEMATICAL PROBLEMS IN ENGINEERING, 2013, 2013
  • [5] COMPETING RISKS IN A QUANTITATIVE RISK ASSESSMENT - ONE APPROACH
    MARGOSCHES, EH
    BAYARD, S
    [J]. BIOMETRICS, 1985, 41 (02) : 579 - 579
  • [6] Quantitative method of risks assessment of information security for multi component threats
    Muratkhan, R.
    Satybaldina, D. Zh.
    [J]. BULLETIN OF THE KARAGANDA UNIVERSITY-MATHEMATICS, 2014, 75 (03): : 103 - 110
  • [7] A Multifaceted Approach to Oral Assessment Based on the Conformer Architecture
    Fan, Zhixing
    Li, Jing
    Wumaier, Aishan
    Kadeer, Zaokere
    Abdurahman, Abdujelil
    [J]. IEEE ACCESS, 2023, 11 : 28318 - 28329
  • [8] A Multidimensional Approach Towards a Quantitative Assessment of Security Threats
    Jouini, Mouna
    Rabai, Latifa Ben Arfa
    Khedri, Ridha
    [J]. 6TH INTERNATIONAL CONFERENCE ON AMBIENT SYSTEMS, NETWORKS AND TECHNOLOGIES (ANT-2015), THE 5TH INTERNATIONAL CONFERENCE ON SUSTAINABLE ENERGY INFORMATION TECHNOLOGY (SEIT-2015), 2015, 52 : 507 - 514
  • [9] Cyber Security Risk Modelling and Assessment: A Quantitative Approach
    Sokri, Abderrahmane
    [J]. PROCEEDINGS OF THE 18TH EUROPEAN CONFERENCE ON CYBER WARFARE AND SECURITY (ECCWS 2019), 2019, : 466 - 474
  • [10] A new quantitative approach for information security risk assessment
    Asosheh, Abbas
    Dehmoubed, Bijan
    Khani, Amir
    [J]. 2009 2ND IEEE INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY, VOL 2, 2009, : 222 - +