Title :
A novel security risk assessment model for information system
Author_Institution :
Sch. of Inf. Eng., Capital Normal Univ., Beijing, China
Abstract :
Security defense against threats is very important to information system. A novel security risk assessment model is presented. In this model, an information system consists of a series of network nodes, which have three elements: assets, rights and vulnerabilities. To analyze the relevance between vulnerabilities, an algorithm for intrusion path discovery is proposed centralized on assets. By investigating the intrusion paths found, the system risk is quantitatively evaluated on vulnerabilities, nodes, assets, or system, which indicates the risk situation of the system. A simulation experiment and results verify availability and effectiveness of the model.
Keywords :
information systems; risk management; security of data; assets; information system; intrusion path discovery; network nodes series; quantitative evaluation; security risk assessment; vulnerabilities; Algorithm design and analysis; Computer hacking; Information security; Information systems; Permeability measurement; Protection; Risk analysis; Risk management; Safety; Time measurement; information security; model; risk assessment; vulnerability;
Conference_Titel :
Advanced Computer Control (ICACC), 2010 2nd International Conference on
Conference_Location :
Shenyang
Print_ISBN :
978-1-4244-5845-5
DOI :
10.1109/ICACC.2010.5486922
