CBR (Case-Based Reasoning) Evaluation Modeling for Security Risk Analysis in Information Security System

2008 ◽  
Author(s):  
Young-hwan Bang ◽  
Jung-gwon Kim ◽  
Il-sun Hwang
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Security System ◽  
Case Based Reasoning ◽  
Security Risk ◽  
Case Based

IRISK METHOD FOR SECURITY ESTIMATION OF THE SIMULATION POLYGON FOR THE PROTECTION OF CRITICAL INFORMATION RESOURCES

2019 ◽  
Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata
Keyword(s):  
Risk Assessment ◽  
Information System ◽  
Information Security ◽  
Risk Analysis ◽  
Information Resources ◽  
Security System ◽  
Assessment System ◽  
Automated System ◽  
Information Risk ◽  
Critical Information

In this article, the research of information system protection by ana­ ly­ zing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techni­ ques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the deter­ mi­ nation of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simula­ tion ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerabili­ ty  — vulnerability assessment, Threat — threat assessment, Control — assessment of security measures. The methodology includes a common CVSS vul­ nerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system. The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.

Risk Analysis of ICT Assets

2019 ◽  
pp. 175-193
Author(s):  
Hamed H. Dadmarz
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Human Resources ◽  
Business Owners ◽  
Insurance Company ◽  
Security Risk ◽  
Business Goals ◽  
Top Managers ◽  
Information Security Risk ◽  
Information Assets

Risk analysis is required in all companies to help the business owners or top managers make decisions about risk management strategy, which itself provides an organization with a roadmap for information and information infrastructure protection aligned to business goals and the organization's risk profile. This chapter identifies information assets including network, electricity, hardware, service, software, and human resources in the ICT department of a health insurance company and their relevant risks. To determine the risks, the level of confidentiality, level of integrity, level of availability, the likelihood of threat occurrence, and intensity of vulnerability have been assessed and rated. Assessment is done based on the opinions of 30 experts in the field of information security. According to the results, the highest information security risk is on the network.

ISRAM: information security risk analysis method

2005 ◽  
Vol 24 (2) ◽  
pp. 147-159 ◽  
Author(s):  
Bilge Karabacak ◽  
Ibrahim Sogukpinar
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Analysis Method ◽  
Security Risk ◽  
Information Security Risk

scholarly journals Ontological support of information security risk management

2021 ◽  
Vol 33 (5) ◽  
pp. 41-64
Author(s):  
Ibrahim Boubacar ◽  
Marina Borisovna Budko ◽  
Mikhail Yurievich Budko ◽  
Alexei Valerievich Guirik
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Security System ◽  
Management Systems ◽  
Security Risk ◽  
Managerial Decision ◽  
Information Security Risk ◽  
Ontological Model ◽  
Intelligent Information ◽  
Security Risk Management

As a result of the work focused on improving the efficiency of the information security system through the development of an ontological model and an approach based on it to ensure information security (IS) risk management, a flexible result was obtained, which is designed to ensure an increase in the efficiency of the information security system by reducing the time spent on managerial decision-making. At the end of the work, a comparative analysis of existing approaches and techniques to information security risk management and the described approach was carried out. Based on the developed ontology and approach, highly intelligent information security risk management systems and the information security system can be created on its basis.

Sign in / Sign up

Export Citation Format

Share Document