This paper proposes a quantitative model for assessing cyber security risk in information security. The model can be used to evaluate the security readiness of firms in the marketplace through qualitative and quantitative tools. We propose a Bayesian network methodology that can be used to generate a cyber security risk score that takes as input a firm's security profile and data breach statistics. The quantitative model enables cyber risk to be captured in a precise and comparable fashion. The objective of the scoring model is to create a common reference in the marketplace that could enhance incentives for firms to invest and improve their security systems. This paper concludes with a demonstration of scoring an intrusion detection network.
Published in:
Systems and Information Engineering Design Symposium, 2009. SIEDS '09.
Date of Conference: 24 April 2009