A conceptual model for computer security risk analysis

2003 ◽  
Author(s):  
D.J. Bodeaum
Keyword(s):  
Risk Analysis ◽  
Computer Security ◽  
Conceptual Model ◽  
Security Risk

Security Protection for Critical Infrastructure

2011 ◽  
pp. 609-615
Author(s):  
M. J. Warren
Keyword(s):  
Information Technology ◽  
Risk Analysis ◽  
Computer Security ◽  
Critical Infrastructure ◽  
Information Infrastructure ◽  
Information Warfare ◽  
Security Risk ◽  
Security Risks ◽  
Information Technology Security ◽  
Information Interchange

Understanding and managing information infrastructure (II) security risks is a priority to most organizations dealing with information technology and information warfare (IW) scenarios today (Libicki, 2000). Traditional security risk analysis (SRA) was well suited to these tasks within the paradigm of computer security, where the focus was on securing tangible items such as computing and communications equipment (NCS,1996; Cramer, 1998). With the growth of information interchange and reliance on information infrastructure, the ability to understand where vulnerabilities lie within an organization, regardless of size, has become extremely difficult (NIPC, 1996). To place a value on the information that is owned and used by an organization is virtually an impossible task. The suitability of risk analysis to assist in managing IW and information infrastructure-related security risks is unqualified, however studies have been undertaken to build frameworks and methodologies for modeling information warfare attacks (Molander, Riddile, & Wilson, 1996; Johnson, 1997; Hutchinson & Warren, 2001) which will assist greatly in applying risk analysis concepts and methodologies to the burgeoning information technology security paradigm, information warfare.

scholarly journals A Method of Simplifying the Asset Dependency Cycle in Security Risk Analysis

2021 ◽  
Vol 1077 (1) ◽  
pp. 012002
Author(s):  
Edri Yunizal ◽  
Judhi Santoso ◽  
Kridanto Surendro
Keyword(s):  
Risk Analysis ◽  
Security Risk

An Analytical Study of Methodologies and Tools for Enterprise Information Security Risk Management

2017 ◽  
pp. 1-20
Author(s):  
Jaya Bhattacharjee ◽  
Anirban Sengupta ◽  
Mridul Sankar Barik ◽  
Chandan Mazumdar
Keyword(s):  
Risk Analysis ◽  
Business Processes ◽  
Security Risk ◽  
Enterprise Information ◽  
Security Controls ◽  
Business Operations ◽  
Levels Of Detail ◽  
Information Security Risk ◽  
Ict Infrastructure ◽  
Security Risk Management

An enterprise is characterized by its business processes and supporting ICT infrastructure. Securing these entities is of utmost importance for the survival of an enterprise and continuity of its business operations. In order to secure them, it is important to first detect the risks that can be realized to cause harm to those entities. Over the years, several kinds of security risk analysis methodologies have been proposed. They cater to different categories of enterprise entities and consider varying levels of detail during risk analysis. An enterprise often finds it difficult to select a particular method that will best suit its purpose. This paper attempts to address this problem by presenting a detailed study of existing risk analysis methodologies. The study classifies them into specific categories and performs comparative analyses considering different parameters addressed by the methodologies, including asset type, vulnerabilities, threats, and security controls.

Security of Railway Infrastructures

2012 ◽  
pp. 355-379
Author(s):  
A. Di Febbraro ◽  
F. Papa ◽  
N. Sacco
Keyword(s):  
Risk Analysis ◽  
Real World ◽  
Analysis Tool ◽  
Security Risk ◽  
Input Output ◽  
Real World Data ◽  
Security Problem ◽  
Output Characteristics ◽  
General Architecture

The chapter is organized as follows: In section 1, the basic definitions of the security risk analysis and the characteristics of the railway security problem are introduced, and a bibliography review is reported. Then, in section 2, the general architecture for designing a security risk analysis tool is presented, focusing on the relevant specifications, and on the input/output characteristics. Therefore, in section 3, with the aim of pointing out the characteristics of the presented architecture, an explicative case study is defined based on real world data coming from Italian railways. Finally, some conclusions and remarks are discussed in chapter 4.

Risk Analysis of ICT Assets

2019 ◽  
pp. 175-193
Author(s):  
Hamed H. Dadmarz
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Human Resources ◽  
Business Owners ◽  
Insurance Company ◽  
Security Risk ◽  
Business Goals ◽  
Top Managers ◽  
Information Security Risk ◽  
Information Assets

Risk analysis is required in all companies to help the business owners or top managers make decisions about risk management strategy, which itself provides an organization with a roadmap for information and information infrastructure protection aligned to business goals and the organization's risk profile. This chapter identifies information assets including network, electricity, hardware, service, software, and human resources in the ICT department of a health insurance company and their relevant risks. To determine the risks, the level of confidentiality, level of integrity, level of availability, the likelihood of threat occurrence, and intensity of vulnerability have been assessed and rated. Assessment is done based on the opinions of 30 experts in the field of information security. According to the results, the highest information security risk is on the network.

Sign in / Sign up

Export Citation Format

Share Document