DocumentCode :
3013165
Title :
Survey of Information Security Risk Assessment
Author :
Gao Zhi-Min ; Wang Sheng-Yuan
Author_Institution :
Res. Centre of Inf. Security Archit., Beijing Jiaotong Univ., Beijing, China
fYear :
2010
fDate :
25-27 June 2010
Firstpage :
5670
Lastpage :
5676
Abstract :
In order to explore the inherent rule of information security risk assessment development, based on information system or asset structure and operation status, a survey is proposed in which the common risk assessment methods are divided into four types: vulnerability identification and risk assessment, risk factors simulation and risk estimation, security situation assessment, and risk calculation based on business process analysis. A method that delves into the highest-level structure of the information system, namely business process structure and change, is advocated, in which business operating performance indicators are regarded as the risk scale, so that real-time and dynamic information security risk calculation is obtained. Finally, based on an understanding of information system structure and utilization, combined with feedback control theory, three levels of judgment are defined which position the status of information security risk assessment methods, and the study of information security risk assessment is returned to the rule of non-linear systems.
Keywords :
business process re-engineering; information systems; risk management; security of data; business process change; business process structure; feedback control theory; information security; nonlinear system rule; risk assessment; risk calculation assessment; risk factors simulation assessment; security situation assessment; vulnerability identification assessment; ISO standards; Information security; Risk management; US Department of Defense; Information security; asset and threat; business operating performance; business process; information security risk; vulnerability;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Electrical and Control Engineering (ICECE), 2010 International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-6880-5
Type :
conf
DOI :
10.1109/iCECE.2010.1378
Filename :
5631568