Assets Dependencies Model in Information Security Risk Management

Cited by: 0
Authors
Breier, Jakub [1, 2]
Schindler, Frank [3]
Affiliations
[1] Nanyang Technol Univ, Phys Anal & Cryptograph Engn, Temasek Labs, Singapore, Singapore
[2] Nanyang Technol Univ, Sch Phys & Math Sci, Div Math Sci, Singapore, Singapore
[3] Pan European Univ, Fac Informat, Bratislava, Slovakia
Source
Keywords
Information Security Risk Management; Asset Valuation; Asset Dependency; Risk Analysis;
DOI
Not available
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Information security risk management is a fundamental process conducted for the purpose of securing information assets in an organization. It usually involves asset identification and valuation, threat analysis, risk analysis and implementation of countermeasures. A correct asset valuation is a basis for accurate risk analysis, but there is a lack of works describing the valuation process with respect to dependencies among assets. In this work we propose a method for inspecting asset dependencies, based on common security attributes - confidentiality, integrity and availability. Our method should bring more detailed outputs from the risk analysis and therefore make this process more objective.
Pages: 405 - 412
Number of pages: 8