Assets Dependencies Model in Information Security Risk Management

被引:0
|
作者
Breier, Jakub [1 ,2 ]
Schindler, Frank [3 ]
机构
[1] Nanyang Technol Univ, Phys Anal & Cryptograph Engn, Temasek Labs, Singapore, Singapore
[2] Nanyang Technol Univ, Sch Phys & Math Sci, Div Math Sci, Singapore, Singapore
[3] Pan European Univ, Fac Informat, Bratislava, Slovakia
来源
INFORMATION AND COMMUNICATION TECHNOLOGY | 2014年 / 8407卷
关键词
Information Security Risk Management; Asset Valuation; Asset Dependency; Risk Analysis;
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Information security risk management is a fundamental process conducted for the purpose of securing information assets in an organization. It usually involves asset identification and valuation, threat analysis, risk analysis and implementation of countermeasures. A correct asset valuation is a basis for accurate risk analysis, but there is a lack of works describing the valuation process with respect to dependencies among assets. In this work we propose a method for inspecting asset dependencies, based on common security attributes - confidentiality, integrity and availability. Our method should bring more detailed outputs from the risk analysis and therefore make this process more objective.
引用
收藏
页码:405 / 412
页数:8
相关论文
共 50 条
  • [41] Information Security Risk Management for Air Transport
    Volner, Rudolf
    Volner, L'ubomir
    [J]. 2011 IEEE INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST), 2011,
  • [42] Improvement of Information System Security Risk Management
    Abbass, Wissam
    Baina, Amine
    Bellafkih, Mostafa
    [J]. 2016 4TH IEEE INTERNATIONAL COLLOQUIUM ON INFORMATION SCIENCE AND TECHNOLOGY (CIST), 2016, : 182 - 187
  • [43] Research on Enterprise Information Security Risk Management
    Wu Xiaoyan
    Yuan Hong
    Lin Hua
    [J]. PROCEEDINGS OF THE 10TH INTERNATIONAL CONFERENCE ON INNOVATION AND MANAGEMENT, 2013, : 924 - +
  • [44] Information Security Risk Management in a World of Services
    Lalanne, Vincent
    Munier, Manuel
    Gabillon, Alban
    [J]. 2013 ASE/IEEE INTERNATIONAL CONFERENCE ON SOCIAL COMPUTING (SOCIALCOM), 2013, : 586 - 593
  • [45] Development of a holistic model for the management of an enterprise's information assets
    Evans, Nina
    Price, James
    [J]. INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, 2020, 54
  • [46] A game of information security investment considering security insurance and complementary information assets
    Qian, Xiaofei
    Yang, Wujuan
    Pei, Jun
    Liu, Xinbao
    Pardalos, Panos M.
    [J]. INTERNATIONAL TRANSACTIONS IN OPERATIONAL RESEARCH, 2022, 29 (03) : 1791 - 1824
  • [47] Management of Information Security Indicators under a Cognitive Security Model
    Andrade, Roberto
    Torres, Jenny
    Flores, Pamela
    [J]. 2018 IEEE 8TH ANNUAL COMPUTING AND COMMUNICATION WORKSHOP AND CONFERENCE (CCWC), 2018, : 478 - 483
  • [48] Cybersecurity Risk Management Scenarios for Teaching Information Security Management
    Allison, Jordan
    [J]. JOURNAL OF APPLIED SECURITY RESEARCH, 2024,
  • [49] A Quantitative Method for Multicriteria Analysis of the Assets of a Critical System in the Management Process of Information Security
    Firoiu, Marian
    Bacivarov, Ioan C.
    [J]. QUALITY-ACCESS TO SUCCESS, 2019, 20 (173): : 138 - 144
  • [50] A system dynamics model for information security management
    Nazareth, Derek L.
    Choi, Jae
    [J]. INFORMATION & MANAGEMENT, 2015, 52 (01) : 123 - 134
12345