A Probabilistic Estimation Model for Information Systems Security Risk Analysis

Author

Feng, Nan ; Xie, Jing ; Fang, Deying

Author_Institution

Sch. of Manage., Tianjin Univ., Tianjin, China

fYear

2009

fDate

20-22 Sept. 2009

Firstpage

1

Lastpage

4

Abstract

In this paper, a probabilistic estimation model for information systems security (ISS) risk analysis based on evidential reasoning approach is presented. The modeling process consists of four phases: specification of the model structure, estimation of evidence strength, computation of beliefs on assertions, and ISS risk monitoring and analysis. Using the changes of strength of evidences obtained in the organization´s information systems, the model can continually estimate the probability of risk, and identify the sources of risk. The significance of the work is that the model provides objective and visible support for ISS risk analysis.

Keywords

belief networks; case-based reasoning; information systems; probability; risk analysis; security of data; ISS; evidence strength estimation; evidential reasoning approach; information systems security risk analysis; model structure specification; probabilistic estimation model; risk monitoring; Computer security; Educational institutions; Information analysis; Information security; Information systems; Management information systems; Monitoring; Risk analysis; Risk management; Stochastic processes;

fLanguage

English

Publisher

ieee

Conference_Titel

Management and Service Science, 2009. MASS '09. International Conference on

Conference_Location

Wuhan

Print_ISBN

978-1-4244-4638-4

Electronic_ISBN

978-1-4244-4639-1

Type

conf

DOI

10.1109/ICMSS.2009.5303998

Filename

5303998