A Formal Methodology for Enterprise Information Security Risk Assessment

Cited by: 0
Authors
Bhattacharjee, Jaya [1]
Sengupta, Anirban [1]
Mazumdar, Chandan [1]
Affiliations
[1] Jadavpur Univ, Ctr Distributed Comp, Kolkata, India
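Keywords
DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract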
Assets are valuable for an enterprise as they help to execute its business activities. They contain vulnerabilities, which, if exploited by threats, can cause harm to an enterprise. Risk assessment is the process of identifying potential harm (risks) that may occur if vulnerabilities are exploited by threats. Existing methodologies for assessing risks are inadequate as they fail to consider important aspects of risk elements, like asset dependency, vulnerability dependency, etc. This paper presents a formal risk assessment methodology that considers these issues during risk computation, and also identifies the actual contributors to risk values.
Pages: 9
Related papers
50 items in total
  • [1] Overview of Enterprise Information Needs in Information Security Risk Assessment
    Korman, Matus
    Ekstedt, Mathias
    Sommestad, Teodor
    Hallberg, Jonas
    Bengtsson, Johan
    [J]. PROCEEDINGS OF THE 2014 IEEE 18TH INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE (EDOC 2014), 2014, : 42 - 51
  • [2] A Formal Methodology for Procedural Security Assessment
    Weldemariam, Komminist
    Villafiorita, Adolfo
    [J]. 5TH INTERNATIONAL CONFERENCE ON DIGITAL SOCIETY (ICDS 2011), 2011, : 146 - 151
  • [3] Methodology of quantitative risk assessment for information system security
    Lin, MQ
    Wang, QM
    Li, JH
    [J]. COMPUTATIONAL INTELLIGENCE AND SECURITY, PT 2, PROCEEDINGS, 2005, 3802 : 526 - 531
  • [4] Modifications of the Formal Risk Analysis and Assessment for the Information System Security
    El Fray, Imed
    Wilinski, Artur
    [J]. ADVANCES IN SCIENCE AND TECHNOLOGY-RESEARCH JOURNAL, 2024, 18 (02) : 317 - 332
  • [6] A two-phase quantitative methodology for enterprise information security risk analysis
    Bhattacharjee, Jaya
    Sengupta, Anirban
    Mazumdar, Chandan
    Barik, Mridul Sankar
    [J]. COMPUTER SYSTEMS SCIENCE AND ENGINEERING, 2014, 29 (01) : 5 - 17
  • [7] Towards a formal specification method for enterprise information system security
    Sengupta, Anirban
    Barik, Mridul Sankar
    [J]. INFORMATION SYSTEMS SECURITY, PROCEEDINGS, 2006, 4332 : 373 - +
  • [8] The Security Risk Assessment Methodology
    Liu, Chunlin
    Tan, Chong-Kuan
    Fang, Yea-Saen
    Lok, Tat-Seng
    [J]. INTERNATIONAL SYMPOSIUM ON SAFETY SCIENCE AND ENGINEERING IN CHINA, 2012, 2012, 43 : 600 - 609
  • [9] Application of Big Data Technology in Enterprise Information Security Management and Risk Assessment
    Wang, Yawen
    Xue, Weixian
    Zhang, Anqi
    [J]. JOURNAL OF GLOBAL INFORMATION MANAGEMENT, 2023, 31 (03)
  • [10] Research on Operating Data Analysis for Enterprise Intranet Information Security Risk Assessment
    Wang, Hao
    Li, Junhao
    Liu, Dong
    [J]. PROCEEDINGS OF 2018 12TH IEEE INTERNATIONAL CONFERENCE ON ANTI-COUNTERFEITING, SECURITY, AND IDENTIFICATION (ASID), 2018, : 72 - 76