DocumentCode :
3548160
Title :
A formal methodology for Enterprise Information Security risk assessment
Author :
Bhattacharjee, Jaya ; Sengupta, Aparajita ; Mazumdar, C.
Author_Institution :
Centre for Distrib. Comput., Jadavpur Univ., Kolkata, India
fYear :
2013
fDate :
23-25 Oct. 2013
Firstpage :
1
Lastpage :
9
Abstract :
Assets are valuable for an enterprise as they help to execute its business activities. They contain vulnerabilities, which, if exploited by threats, can cause harm to an enterprise. Risk assessment is the process of identifying potential harm (risks) that may occur if vulnerabilities are exploited by threats. Existing methodologies for assessing risks are inadequate as they fail to consider important aspects of risk elements, like asset dependency, vulnerability dependency, etc. This paper presents a formal risk assessment methodology that considers these issues during risk computation, and also identifies the actual contributors to risk values.
Keywords :
business data processing; risk analysis; security of data; asset dependency; business activities; enterprise information security risk assessment; formal risk assessment methodology; risk computation; risk elements; risk values; vulnerability dependency; Abstracts; Educational institutions; Gold;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Risks and Security of Internet and Systems (CRiSIS), 2013 International Conference on
Conference_Location :
La Rochelle
Type :
conf
DOI :
10.1109/CRiSIS.2013.6766354
Filename :
6766354