Abstract
There are standard risk analysis methodologies such as GMITS and ISO17799, but new threats and vulnerabilities appear day by day because IT organizations, their infrastructure, and their environments are changing. Accordingly, the methodologies must evolve in step with the change. Risk analysis methods are generally composed of asset identification, vulnerability analysis, safeguard identification, risk mitigation, and safeguard implementation. As the first process, asset identification is important because it defines the target scope of the risk analysis. This paper proposes a new approach, the security risk vector, for evaluating assets quantitatively. A case study is presented.
Original language | English |
---|---|
Pages (from-to) | 274-283 |
Number of pages | 10 |
Journal | Lecture Notes in Computer Science |
Volume | 3481 |
Issue number | II |
Publication status | Published - 2005 |
Event | International Conference on Computational Science and Its Applications - ICCSA 2005, Singapore. Duration: 2005 May 9 → 2005 May 12 |
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science(all)