Title :
A Novel Security Risk Evaluation for Information Systems
Author :
Gan, Zaobin ; Tang, Jiufei ; Wu, Ping ; Varadharajan, Vijay
Author_Institution :
Huazhong Univ. of Sci. & Technol., Wuhan
Abstract :
Quantitative security risk evaluation of information systems is drawing increasing attention. This paper extends the attack tree model and proposes a new quantitative risk evaluation method. Multi-attribute utility theory is adopted when quantifying the risk value of a leaf node (atomic attack). Algorithms are presented for each step of the new evaluation method. In addition, a worked example is carried out in this paper. The experimental result shows that the novel method can not only make the evaluation result more reasonable and objective, but also offer a good foundation for the implementation of an automatic evaluation tool.
Keywords :
information systems; security of data; automatic evaluation tool; information systems; leaf node risk value; multiattribute utility theory; quantitative security risk evaluation; Computer science; Computer security; Costs; Educational institutions; Gallium nitride; Information security; Information systems; Information technology; National security; Utility theory;
Conference_Titel :
Frontier of Computer Science and Technology, 2007. FCST 2007. Japan-China Joint Workshop on
Conference_Location :
Wuhan
Print_ISBN :
978-0-7695-3036-9
DOI :
10.1109/FCST.2007.9