A quantitative approach to assess information security related risks

2 Author(s)
Romanov, A. ; Grad. Sch. of Syst. & Inf. Eng., Univ. of Tsukuba, Tsukuba, Japan ; Okamoto, E.

Nowadays, providing information security (IS) assurance has become one of the key aspects for many organizations worldwide. This is caused not only by the desire of management to protect sensitive information, fed by growing hackers' activity, but also by the recent enforcement of legal requirements and industry regulations. One of the required procedures for managing information security is the regular performance of IS risk assessment. Though several approaches have already been proposed to measure IS-related risk, they are either inapplicable to real enterprises' IT landscapes or are qualitative in nature (based on subjective decisions of the implementation team) and thus can suffer from a significant degree of speculation. The purpose of this paper is to present a quantitative approach for effective and efficient assessment of IS-related risks that can be easily applied to any enterprise. A key feature of the proposed approach is that it does not suffer from subjective considerations and relies on statistical data. Other relevant features are maintenance cost reduction and the possibility to prioritize and compare security initiatives.

Published in:

Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on

Date of Conference:

19-22 Oct. 2009