• DocumentCode
    2381069
  • Title

    A Novel Security Risk Evaluation for Information Systems

  • Author

    Gan, Zaobin ; Tang, Jiufei ; Wu, Ping ; Varadharajan, Vijay

  • Author_Institution
    Huazhong Univ. of Sci. & Technol., Wuhan
  • fYear
    2007
  • fDate
    1-3 Nov. 2007
  • Firstpage
    67
  • Lastpage
    73
  • Abstract
    Quantitative security risk evaluation of information systems is increasingly drawing more and more attention. This paper extends the attack tree model, and proposes a new quantitative risk evaluation method. While the risk value of the leaf node (atomic attack) is quantified, the multi-attribute utility theory is adopted. All algorithms are presented for each step of this new evaluation method. In addition, a worked example is also experimented in this paper. The experimental result shows that the novel method can not only make the evaluation result more reasonable and objective, but also offer a good foundation for the implementation of the automatic evaluation tool.
  • Keywords
    information systems; security of data; automatic evaluation tool; information systems; leaf node risk value; multiattribute utility theory; quantitative security risk evaluation; Computer science; Computer security; Costs; Educational institutions; Gallium nitride; Information security; Information systems; Information technology; National security; Utility theory;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Frontier of Computer Science and Technology, 2007. FCST 2007. Japan-China Joint Workshop on
  • Conference_Location
    Wuhan
  • Print_ISBN
    978-0-7695-3036-9
  • Type

    conf

  • DOI
    10.1109/FCST.2007.9
  • Filename
    4402602