Dynamic Assessment and VaR-Based Quantification of Information Security Risk

Qi, Wenjing; Liu, Xue; Jian, Zhang; Yuan, Weihua

doi:10.1109/ebiss.2010.5473537

“…OCTAVE approach [3], PARA and Facilitated Risk Analysis Process [4] are qualitative methods. VaR-based risk assessment [6], Markov Model based security risks evaluation [7] and risk evaluation model based on correlation rules [8], modular attack trees [10] are representatives of quantitative approaches.…”

Section: Introductionmentioning

confidence: 99%

SVM-based Dynamic Risk Recognition and Complex Risk Assessment

Li¹,

Qi²,

Yuan³

2015

Proceedings of the 3rd International Conference on Material, Mechanical and Manufacturing Engineering

Self Cite

0

View full text Add to dashboard Cite

Abstract. Risk assessment is a critical step for the robust operation of an information system. We incorporate machine learning and statistical theory together in risk recognition and evaluation to accommodate the dynamic and complex characters of information systems. first, SVM classifier is employed to recognize dynamic risk; then risk factor is defined for very single risk based on historical experiences; further, a complex risk assessment model is proposed to quantify risk to capital loss, which provide an intuitive way for user to understand the severity of risks . Experiments show that our method is feasible and effective in practical application environments.

show abstract

An Analytical Study of Methodologies and Tools for Enterprise Information Security Risk Management

Bhattacharjee

¹

,

Sengupta

²

,

Barik

³

et al.

Advances in Information Security, Privacy, and Ethics

3

0

View full text Add to dashboard Cite

An enterprise is characterized by its business processes and supporting ICT infrastructure. Securing these entities is of utmost importance for the survival of an enterprise and continuity of its business operations. In order to secure them, it is important to first detect the risks that can be realized to cause harm to those entities. Over the years, several kinds of security risk analysis methodologies have been proposed. They cater to different categories of enterprise entities and consider varying levels of detail during risk analysis. An enterprise often finds it difficult to select a particular method that will best suit its purpose. This paper attempts to address this problem by presenting a detailed study of existing risk analysis methodologies. The study classifies them into specific categories and performs comparative analyses considering different parameters addressed by the methodologies, including asset type, vulnerabilities, threats, and security controls.

show abstract

An Analytical Study of Methodologies and Tools for Enterprise Information Security Risk Management

Bhattacharjee

¹

,

Sengupta

²

,

Barik

³

et al.

Global Business Expansion

View full text Add to dashboard Cite

An enterprise is characterized by its business processes and supporting ICT infrastructure. Securing these entities is of utmost importance for the survival of an enterprise and continuity of its business operations. In order to secure them, it is important to first detect the risks that can be realized to cause harm to those entities. Over the years, several kinds of security risk analysis methodologies have been proposed. They cater to different categories of enterprise entities and consider varying levels of detail during risk analysis. An enterprise often finds it difficult to select a particular method that will best suit its purpose. This paper attempts to address this problem by presenting a detailed study of existing risk analysis methodologies. The study classifies them into specific categories and performs comparative analyses considering different parameters addressed by the methodologies, including asset type, vulnerabilities, threats, and security controls.

show abstract

Dynamic Assessment and VaR-Based Quantification of Information Security Risk

Cited by 3 publications

References 6 publications

SVM-based Dynamic Risk Recognition and Complex Risk Assessment

SVM-based Dynamic Risk Recognition and Complex Risk Assessment

An Analytical Study of Methodologies and Tools for Enterprise Information Security Risk Management

An Analytical Study of Methodologies and Tools for Enterprise Information Security Risk Management

Contact Info

Product

Resources

About