Title :
A quantitative approach to assess information security related risks
Author :
Romanov, Anton ; Okamoto, Eiji
Author_Institution :
Grad. Sch. of Syst. & Inf. Eng., Univ. of Tsukuba, Tsukuba, Japan
Abstract :
Nowadays providing information security (IS) assurance becomes one of key aspects for many organizations worldwide. This is caused not only by desire of management to protect sensitive information fed by growing hackers ´ activity but also by recent enforcement of legal requirements and industry regulations. One of the required procedures to manage information security is regular performing of IS risk assessment. Though there already are several approaches proposed to measure IS related risk, they are either inapplicable to real enterprises´ IT landscapes or are of qualitative nature (based on subjective decisions of implementation team) and thus could suffer from significant degree of speculation. The purpose of this paper is to present a quantitative approach for effective and efficient assessment of IS related risks which can be easily applied to any enterprise. A key feature of proposed approach is that it does not suffer from subjective considerations and relies on statistical data. Other relevant features are: maintenance cost reduction and possibility to prioritize and compare security initiatives.
Keywords :
information technology; risk management; security of data; IS risk assessment; industry regulation; information security assessment; legal requirement; maintenance cost reduction; quantitative approach; sensitive information protect; Companies; Computer hacking; Information management; Information security; Law; Legal factors; Risk management; State estimation; Systems engineering and theory; Time measurement;
Conference_Titel :
Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on
Conference_Location :
Toulouse
Print_ISBN :
978-1-4244-4498-4
Electronic_ISBN :
2151-4763
DOI :
10.1109/CRISIS.2009.5411970
