Title :
A New Formula of Security Risk Analysis That Takes Risk Improvement Factor into Account
Author_Institution :
Inf. Technol. Center, Univ. of Tokyo, Tokyo, Japan
Abstract :
Risk analysis is the very first step for organizational information security, where a qualitative approach is a major methodology. Today, it is required that risk treatment is discussed also in terms of security investment. Considering that a security model can be represented as a set of risk formulas, we propose a new risk formula that can also rep- resent improvement factors of securitv. The resulting formula is R = eC · AαAVαVTαT, which includes the conventional multiplicative risk formula. We show how to calculate α´s by using the risk reduction matrix. As an available scenario, we propose that we use the formula as a perturbation to the conventional risk formula. We show an example scenario in which by using the conventional multiplicative risk formula and a risk reduction matrix for representing the risk improving factor, a risk value is re-calculated. Security investment can also be evaluated by using our formula. Moreover, we propose that α´s represent a factor of significance in decision making. Keywords: security, risk assessment, risk formula, security investment.
Keywords :
matrix algebra; organisational aspects; risk analysis; security of data; organizational information security; risk improvement factor; risk reduction matrix; security investment; security risk analysis; Decision making; Information security; Investments; Organizations; Risk management; risk assessment; risk formula; security; security investment;
Conference_Titel :
Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third Inernational Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4577-1931-8
DOI :
10.1109/PASSAT/SocialCom.2011.44
