Model‐based risk assessment evaluation

Abstract: Risk assessment (RA) belongs to the core parts of an organizational risk management process. The primary goals of a RA are the identification, estimation and prioritization of risk(s) to organizational operations. The existing quantitative analysis of RA is focusing on the risk factors, that is, threat or vulnerability. However, the quantitative metrics of the assessment have not been formally defined and modeled yet. Consequently, it is essential to define a formal model and relevant security metrics for RA w… Show more