A Novel Security Risk Evaluation for Information Systems

Author(s): Zaobin Gan, Jiufei Tang, Ping Wu, Vijay Varadharajan
2010, Vol 20-23, pp. 190-195
Author(s): Hua Wang Shi, Yong Deng

Quantitative security risk evaluation of information systems is drawing more and more attention. The purpose of this paper is to propose a novel method that integrates extension theory and the unascertained method for classifying information system (IS) security. The risks of an information system are established by analyzing the factors affecting those risks with the unascertained measure theory. Using matter-element theory, the extensibility of IS security is analyzed, and a framework of matter-element models for IS security is then formed. The matter-element model for IS security risk evaluation is built from matter-element model theory, following the extension engineering method. The theoretical analysis and the design principle of the proposed method are described in detail. Simulations are performed to demonstrate the effectiveness of the proposed extension and unascertained method. The result is believed to provide new means and ideas for the evaluation of IS security. The method is suitable for evaluating the risks of an IS, and its evaluation results are reasonable. An example of practical application is given to show the effectiveness of the method. The model is more efficient than former models and can be easily realized in practice.


Author(s): Jin Han, Jing Zhan, Xiaoqing Xia, Xue Fan

Background: Currently, the Cloud Service Provider (CSP) or a third party usually proposes the principles and methods for cloud security risk evaluation, and cloud users have no choice but to accept them. However, since cloud users and cloud service providers have conflicting interests, cloud users may not trust the results of a security evaluation performed by the CSP. Also, different cloud users may have different security risk preferences, which makes it difficult for a third party to consider all users' needs during evaluation. In addition, current security evaluation indexes for the cloud are too impractical to test (e.g., indexes such as interoperability, transparency and portability are not easy to evaluate). Methods: To solve the above problems, this paper proposes a practical cloud security risk evaluation method based on decision-making between conflicting roles, using the Analytic Hierarchy Process (AHP) with Aggregation of Individual Priorities (AIP). Results: Not only does our method bring forward a new index system for cloud security based on risk sources, together with corresponding practical testing methods, but it also obtains an evaluation result that reflects the risk preferences of the conflicting roles, namely the CSP and the cloud users, which can lay a foundation for improving mutual trust between the CSP and cloud users. The experiments show that the method can effectively assess the security risk of cloud platforms; when the number of clouds increased by 100% and 200%, the evaluation time using our methodology increased by only 12% and 30%. Conclusion: Our method achieves consistent decisions based on conflicting roles, with high scalability and practicability for cloud security risk evaluation.


JOURNAL ASRO, 2018, Vol 9 (2), pp. 107
Author(s): Arie Marbandi, Ahmadi Ahmadi, Adi Bandono, Okol S Suharyo

Handling information security management is an absolute necessity for organizations whose information systems support their operations. Information systems consist of software and hardware assets that manage data and information spread over networks and the internet, which makes them vulnerable to threats. Therefore investment and costs are needed to secure them. The costs incurred for this need are not small, and investment expenditures and information security costs require serious handling to be more effective and on target. The System Dynamics model is used to evaluate alternative strategies and to demonstrate the effectiveness of investment in, and the cost of, managing information security through simulation of policy changes. System Dynamics is a method for describing models and analyzing systems that are dynamic and complex, consisting of variables that influence each other through causal relationships and feedback between variables that are either reinforcing or balancing. Simulation using a dynamic system model in this study illustrates that risk assessment management followed by vulnerability reduction efforts has a very large impact on the management of information security. By varying the value of security tools investment, the model provides alternative choices in information security risk management investments for achieving overall cost effectiveness in managing information security.

