Title :
A Probabilistic Estimation Model for Information Systems Security Risk Analysis
Author :
Feng, Nan ; Xie, Jing ; Fang, Deying
Author_Institution :
Sch. of Manage., Tianjin Univ., Tianjin, China
Abstract :
In this paper, a probabilistic estimation model for information systems security (ISS) risk analysis based on an evidential reasoning approach is presented. The modeling process consists of four phases: specification of the model structure, estimation of evidence strength, computation of beliefs on assertions, and ISS risk monitoring and analysis. Using changes in the strength of evidence obtained from the organization's information systems, the model can continually estimate the probability of risk and identify the sources of risk. The significance of the work is that the model provides objective and visible support for ISS risk analysis.
Keywords :
belief networks; case-based reasoning; information systems; probability; risk analysis; security of data; ISS; evidence strength estimation; evidential reasoning approach; information systems security risk analysis; model structure specification; probabilistic estimation model; risk monitoring; Computer security; Educational institutions; Information analysis; Information security; Information systems; Management information systems; Monitoring; Risk analysis; Risk management; Stochastic processes;
Conference_Title :
Management and Service Science, 2009. MASS '09. International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-4638-4
Electronic_ISBN :
978-1-4244-4639-1
DOI :
10.1109/ICMSS.2009.5303998