Risk Assessment Method Based on Business Process-Oriented Asset Evaluation for Information System Security

Eom, Jung-Ho; Park, Seon-Ho; Han, Yunghsiang S.; Chung, Tai-Myoung

doi:10.1007/978-3-540-72588-6_165

Cited by 17 publications

(8 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Compared to the existing risk evaluation, the system in the paper has the following advantages:(1) The quantified risk value can present the fairly accurate risk value. (2) The improved AHP method is used to calculate the primary and second layer factors in network security system, which enhances the evaluation accuracy. (3) New evaluation factor system is constructed.…”

Section: Discussionmentioning

confidence: 99%

An Improved AHP Based Quantitative Method for Host Network Risk Evaluation

Ding

Kang

et al. 2009

2009 International Conference on Computational Intelligence and Software Engineering

View full text Add to dashboard Cite

show abstract

Section: Discussionmentioning

confidence: 99%

An Improved AHP Based Quantitative Method for Host Network Risk Evaluation

Ding

Kang

et al. 2009

2009 International Conference on Computational Intelligence and Software Engineering

View full text Add to dashboard Cite

show abstract

“…Eom, Park and Han introduced a risk assessment method based on asset valuation and quantification [19]. Baudrit and Dubios proposed a risk assessment method taking into account two types of uncertainty: randomness and imprecision [6].…”

Section: Overview Of Risk Assessment Methodologiesmentioning

confidence: 99%

Risk assessment for a video surveillance system based on Fuzzy Cognitive Maps

Szwed

Skrzynski

Chmiel

2014

Multimed Tools Appl

View full text Add to dashboard Cite

For various IT systems security is considered a key quality factor. In particular, it might be crucial for video surveillance systems, as their goal is to provide continuous protection of critical infrastructure and other facilities. Risk assessment is an important activity in security management; it aims at identifying assets, threats and vulnerabilities, analysis of implemented countermeasures and their effectiveness in mitigating risks. This paper discusses an application of a new risk assessment method, in which risk calculation is based on Fuzzy Cognitive Maps (FCMs) to a complex automated video surveillance system. FCMs are used to capture dependencies between assets and FCM based reasoning is applied to aggregate risks assigned to lower-level assets (e.g. cameras, hardware, software modules, communications, people) to such high level assets as services, maintained data and processes. Lessons learned indicate, that the proposed method is an efficient and lowcost approach, giving instantaneous feedback and enabling reasoning on effectiveness of security system.

show abstract

“…Han et al (2004) described an expansible vulnerability model in order to qualitatively assess the security of an active network and active nodes, aiming at solving a problem that is more suited for an active network than a traditional one. Eom et al (2007) introduced a risk assessment method based on asset valuation and quantification. Baudrit et al (2006) proposed a risk assessment method of node transmission and possibility exposure.…”

Section: Related Workmentioning

confidence: 99%

A new lightweight method for security risk assessment based on fuzzy cognitive maps

Szwed

Skrzynski

2014

International Journal of Applied Mathematics and Computer Science

View full text Add to dashboard Cite

For contemporary software systems, security is considered to be a key quality factor and the analysis of IT security risk becomes an indispensable stage during software deployment. However, performing risk assessment according to methodologies and standards issued for the public sector or large institutions can be too costly and time consuming. Current business practice tends to circumvent risk assessment by defining sets of standard safeguards and applying them to all developed systems. This leads to a substantial gap: threats are not re-evaluated for particular systems and the selection of security functions is not based on risk models. This paper discusses a new lightweight risk assessment method aimed at filling this gap. In this proposal, Fuzzy Cognitive Maps (FCMs) are used to capture dependencies between assets, and FCM-based reasoning is performed to calculate risks. An application of the method is studied using an example of an e-health system providing remote telemonitoring, data storage and teleconsultation services. Lessons learned indicate that the proposed method is an efficient and low-cost approach, giving instantaneous feedback and enabling reasoning on the effectiveness of the security system.

show abstract

Risk Assessment Method Based on Business Process-Oriented Asset Evaluation for Information System Security

Cited by 17 publications

References 2 publications

An Improved AHP Based Quantitative Method for Host Network Risk Evaluation

An Improved AHP Based Quantitative Method for Host Network Risk Evaluation

Risk assessment for a video surveillance system based on Fuzzy Cognitive Maps

A new lightweight method for security risk assessment based on fuzzy cognitive maps

Contact Info

Product

Resources

About