Quantitative risk analysis and evaluation in information systems: A case study

Young Gab Kim; Jongin Lim

doi:10.1007/978-3-540-72588-6_167

Quantitative risk analysis and evaluation in information systems: A case study

Young Gab Kim, Jongin Lim

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

The rapid growth of the Internet technology has encouraged organizations to protect their information assets. Furthermore, the need for risk analysis has become very important for organizations. However, the existing risk analysis just presents the guidelines that can be used to determine the security measures but do not support how to evaluate the risks quantitatively. Therefore, in this paper, the quantitative risk evaluation model based on the Markov process, especially for the case of interrelated threats, is proposed. In addition, in order to analyze the relationship between threats, the basic analysis method using the covariance and the correlation coefficient is presented.

Original language	English
Title of host publication	Computational Science - ICCS 2007 - 7th International Conference, Proceedings
Publisher	Springer Verlag
Pages	1040-1047
Number of pages	8
Edition	PART 3
ISBN (Print)	9783540725879
DOIs	https://doi.org/10.1007/978-3-540-72588-6_167
Publication status	Published - 2007
Event	7th International Conference on Computational Science, ICCS 2007 - Beijing, China Duration: 2007 May 27 → 2007 May 30

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number	PART 3
Volume	4489 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	7th International Conference on Computational Science, ICCS 2007
Country/Territory	China
City	Beijing
Period	07/5/27 → 07/5/30

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-72588-6_167

Cite this

Kim, Y. G., & Lim, J. (2007). Quantitative risk analysis and evaluation in information systems: A case study. In Computational Science - ICCS 2007 - 7th International Conference, Proceedings (PART 3 ed., pp. 1040-1047). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4489 LNCS, No. PART 3). Springer Verlag. https://doi.org/10.1007/978-3-540-72588-6_167

Quantitative risk analysis and evaluation in information systems: A case study. / Kim, Young Gab; Lim, Jongin.
Computational Science - ICCS 2007 - 7th International Conference, Proceedings. PART 3. ed. Springer Verlag, 2007. p. 1040-1047 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4489 LNCS, No. PART 3).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kim, YG & Lim, J 2007, Quantitative risk analysis and evaluation in information systems: A case study. in Computational Science - ICCS 2007 - 7th International Conference, Proceedings. PART 3 edn, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 3, vol. 4489 LNCS, Springer Verlag, pp. 1040-1047, 7th International Conference on Computational Science, ICCS 2007, Beijing, China, 07/5/27. https://doi.org/10.1007/978-3-540-72588-6_167

Kim YG, Lim J. Quantitative risk analysis and evaluation in information systems: A case study. In Computational Science - ICCS 2007 - 7th International Conference, Proceedings. PART 3 ed. Springer Verlag. 2007. p. 1040-1047. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 3). doi: 10.1007/978-3-540-72588-6_167

Kim, Young Gab ; Lim, Jongin. / Quantitative risk analysis and evaluation in information systems : A case study. Computational Science - ICCS 2007 - 7th International Conference, Proceedings. PART 3. ed. Springer Verlag, 2007. pp. 1040-1047 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 3).

@inproceedings{6041aeb3fe1a4ba7814100989b665dd9,

title = "Quantitative risk analysis and evaluation in information systems: A case study",

abstract = "The rapid growth of the Internet technology has encouraged organizations to protect their information assets. Furthermore, the need for risk analysis has become very important for organizations. However, the existing risk analysis just presents the guidelines that can be used to determine the security measures but do not support how to evaluate the risks quantitatively. Therefore, in this paper, the quantitative risk evaluation model based on the Markov process, especially for the case of interrelated threats, is proposed. In addition, in order to analyze the relationship between threats, the basic analysis method using the covariance and the correlation coefficient is presented.",

author = "Kim, {Young Gab} and Jongin Lim",

year = "2007",

doi = "10.1007/978-3-540-72588-6_167",

language = "English",

isbn = "9783540725879",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

number = "PART 3",

pages = "1040--1047",

booktitle = "Computational Science - ICCS 2007 - 7th International Conference, Proceedings",

edition = "PART 3",

note = "7th International Conference on Computational Science, ICCS 2007 ; Conference date: 27-05-2007 Through 30-05-2007",

}

TY - GEN

T1 - Quantitative risk analysis and evaluation in information systems

T2 - 7th International Conference on Computational Science, ICCS 2007

AU - Kim, Young Gab

AU - Lim, Jongin

PY - 2007

Y1 - 2007

N2 - The rapid growth of the Internet technology has encouraged organizations to protect their information assets. Furthermore, the need for risk analysis has become very important for organizations. However, the existing risk analysis just presents the guidelines that can be used to determine the security measures but do not support how to evaluate the risks quantitatively. Therefore, in this paper, the quantitative risk evaluation model based on the Markov process, especially for the case of interrelated threats, is proposed. In addition, in order to analyze the relationship between threats, the basic analysis method using the covariance and the correlation coefficient is presented.

AB - The rapid growth of the Internet technology has encouraged organizations to protect their information assets. Furthermore, the need for risk analysis has become very important for organizations. However, the existing risk analysis just presents the guidelines that can be used to determine the security measures but do not support how to evaluate the risks quantitatively. Therefore, in this paper, the quantitative risk evaluation model based on the Markov process, especially for the case of interrelated threats, is proposed. In addition, in order to analyze the relationship between threats, the basic analysis method using the covariance and the correlation coefficient is presented.

UR - http://www.scopus.com/inward/record.url?scp=38149133811&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-72588-6_167

DO - 10.1007/978-3-540-72588-6_167

M3 - Conference contribution

AN - SCOPUS:38149133811

SN - 9783540725879

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1040

EP - 1047

BT - Computational Science - ICCS 2007 - 7th International Conference, Proceedings

PB - Springer Verlag

Y2 - 27 May 2007 through 30 May 2007

ER -

Quantitative risk analysis and evaluation in information systems: A case study

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this