DocumentCode
3548160
Title
A formal methodology for Enterprise Information Security risk assessment
Author
Bhattacharjee, Jaya ; Sengupta, Aparajita ; Mazumdar, C.
Author_Institution
Centre for Distrib. Comput., Jadavpur Univ., Kolkata, India
fYear
2013
fDate
23-25 Oct. 2013
Firstpage
1
Lastpage
9
Abstract
Assets are valuable for an enterprise as they help to execute its business activities. They contain vulnerabilities, which, if exploited by threats, can cause harm to an enterprise. Risk assessment is the process of identifying potential harm (risks) that may occur if vulnerabilities are exploited by threats. Existing methodologies for assessing risks are inadequate as they fail to consider important aspects of risk elements, like asset dependency, vulnerability dependency, etc. This paper presents a formal risk assessment methodology that considers these issues during risk computation, and also identifies the actual contributors to risk values.
Keywords
business data processing; risk analysis; security of data; asset dependency; business activities; enterprise information security risk assessment; formal risk assessment methodology; risk computation; risk elements; risk values; vulnerability dependency; Abstracts; Educational institutions; Gold;
fLanguage
English
Publisher
ieee
Conference_Titel
Risks and Security of Internet and Systems (CRiSIS), 2013 International Conference on
Conference_Location
La Rochelle
Type
conf
DOI
10.1109/CRiSIS.2013.6766354
Filename
6766354