Fair-based loss measurement model for enterprise personal information breach

Jang Ho Yun; In Hyun Cho; Kyung Ho Lee

doi:10.1007/978-981-10-0281-6_116

Fair-based loss measurement model for enterprise personal information breach

Jang Ho Yun, In Hyun Cho, Kyung Ho Lee

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

Loss measurement for personal information breach incidents can be used as a basis for decision making for information security investments. In this vein, reasonable loss measurement is important in determining information security policies. However, the previous research is focused on estimating the amount of loss which is incurred after incidents. In order to be base data for decision making, loss measurement should include incident-causing-factors before incidents occur. In this paper, we propose a loss measurement model based on an improved FAIR (Factor Analysis of Information Risk) risk analysis methodology. Additionally, we verify the effectiveness of the proposed model by applying it to a large scale personal information leakage case.

Original language	English
Title of host publication	Lecture Notes in Electrical Engineering
Publisher	Springer Verlag
Pages	825-833
Number of pages	9
DOIs	https://doi.org/10.1007/978-981-10-0281-6_116
Publication status	Published - 2015

Publication series

Name	Lecture Notes in Electrical Engineering
Volume	373
ISSN (Print)	1876-1100
ISSN (Electronic)	1876-1119

Keywords

Loss measurement model
Personal information breach
Security policy

ASJC Scopus subject areas

Industrial and Manufacturing Engineering

Access to Document

10.1007/978-981-10-0281-6_116

Cite this

@inbook{9b89e6ae65594832b9384d2ddc9b1ecf,

title = "Fair-based loss measurement model for enterprise personal information breach",

abstract = "Loss measurement for personal information breach incidents can be used as a basis for decision making for information security investments. In this vein, reasonable loss measurement is important in determining information security policies. However, the previous research is focused on estimating the amount of loss which is incurred after incidents. In order to be base data for decision making, loss measurement should include incident-causing-factors before incidents occur. In this paper, we propose a loss measurement model based on an improved FAIR (Factor Analysis of Information Risk) risk analysis methodology. Additionally, we verify the effectiveness of the proposed model by applying it to a large scale personal information leakage case.",

keywords = "Loss measurement model, Personal information breach, Security policy",

author = "Yun, {Jang Ho} and Cho, {In Hyun} and Lee, {Kyung Ho}",

note = "Publisher Copyright: {\textcopyright} Springer Science+Business Media Singapore 2015.",

year = "2015",

doi = "10.1007/978-981-10-0281-6_116",

language = "English",

series = "Lecture Notes in Electrical Engineering",

publisher = "Springer Verlag",

pages = "825--833",

booktitle = "Lecture Notes in Electrical Engineering",

}

TY - CHAP

T1 - Fair-based loss measurement model for enterprise personal information breach

AU - Yun, Jang Ho

AU - Cho, In Hyun

AU - Lee, Kyung Ho

N1 - Publisher Copyright: © Springer Science+Business Media Singapore 2015.

PY - 2015

Y1 - 2015

N2 - Loss measurement for personal information breach incidents can be used as a basis for decision making for information security investments. In this vein, reasonable loss measurement is important in determining information security policies. However, the previous research is focused on estimating the amount of loss which is incurred after incidents. In order to be base data for decision making, loss measurement should include incident-causing-factors before incidents occur. In this paper, we propose a loss measurement model based on an improved FAIR (Factor Analysis of Information Risk) risk analysis methodology. Additionally, we verify the effectiveness of the proposed model by applying it to a large scale personal information leakage case.

AB - Loss measurement for personal information breach incidents can be used as a basis for decision making for information security investments. In this vein, reasonable loss measurement is important in determining information security policies. However, the previous research is focused on estimating the amount of loss which is incurred after incidents. In order to be base data for decision making, loss measurement should include incident-causing-factors before incidents occur. In this paper, we propose a loss measurement model based on an improved FAIR (Factor Analysis of Information Risk) risk analysis methodology. Additionally, we verify the effectiveness of the proposed model by applying it to a large scale personal information leakage case.

KW - Loss measurement model

KW - Personal information breach

KW - Security policy

UR - http://www.scopus.com/inward/record.url?scp=84951873957&partnerID=8YFLogxK

U2 - 10.1007/978-981-10-0281-6_116

DO - 10.1007/978-981-10-0281-6_116

M3 - Chapter

AN - SCOPUS:84951873957

T3 - Lecture Notes in Electrical Engineering

SP - 825

EP - 833

BT - Lecture Notes in Electrical Engineering

PB - Springer Verlag

ER -

Fair-based loss measurement model for enterprise personal information breach

Abstract

Publication series

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this