[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

Information Security Risk Assessment Model for Risk Management

  • Conference paper
Trust and Privacy in Digital Business (TrustBus 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4083))

Abstract

The article presents a simple model for the information security risk assessment. There are four main elements of the model: security threats, their business impact, security measures and their costs. The security measures – threats relationship matrix is the fundamental quantitative tool for the model. The model bases on well known methods like ALE, ROSI and ISRAM but allows for establishing more flexible and more precise metrics supporting the security management process at different organizational levels.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. BITS Key Risk Measurement Tool for Information Security Operational Risks, BITS Financial Services RoundTable (2004)

    Google Scholar 

  2. Cavusoglu, H., Mishra, B., Raghunathan, S.: A Model for Evaluating IT Security Investments. Communications of the ACM 47(7) (2004)

    Google Scholar 

  3. Davis, A.: Return on security investment - proving it’s worth it. Network Security 11, 8–10 (2005)

    Article  Google Scholar 

  4. Dhaeseleer, P., Forrest, S., Helman, P.: An Immunological Approach to Change Detection: Algorithms, Analysis and Implications. In: IEEE Symposium on Security and Privacy (1996)

    Google Scholar 

  5. Gordon, L.A., Loeb, M.P., Lucyshyn, W.: Sharing information on computer systems security: An economic analysis. Journal of Accounting and Public Policy 22, 461–485 (2003)

    Article  Google Scholar 

  6. Karabacak, B., Sogukpinar, I.: ISRAM: information security risk analysis method. Computers & Security 24, 147–159 (2005)

    Article  Google Scholar 

  7. Me, L.: GASSATA, a Genetic Algorithm as an Alternative Tool for Security Audit Trails Analysis

    Google Scholar 

  8. Risk Management Guide for Information Technology Systems. National Institute of Standards and Technology. Special Publication, pp. 800–830 (2001)

    Google Scholar 

  9. Risk Management Principles for Electronic Banking. Basel Committee on Banking Supervision (2003)

    Google Scholar 

  10. Schechter, E.: Computer Security Strength & Risk: A Quantitative Approach. Thesis presented to The Division of Engineering and Applied Sciences. Harvard University, p. 29 (2004)

    Google Scholar 

  11. Sonnenreich, W.: Return On Security Investment (ROSI): A Practical Quantitative Model. A summary of Research and Development conducted at SageSecure (2002)

    Google Scholar 

  12. Sound Practices for the Management and Supervision of Operational Risk. Basel Committee on Banking Supervision (2003)

    Google Scholar 

  13. Tsiakis, T., Stephanides, G.: The economic approach of information security. Computers & Security 24, 105–108 (2005)

    Article  Google Scholar 

  14. Wawrzyniak, D.: Organizational Aspects of Data Security in Banking Computer Systems. In: Abramowicz, W. (ed.) Business Information Systems Proceedings, pp. 237–245 (1998)

    Google Scholar 

  15. Wawrzyniak, D.: Zarzadzanie bezpieczenstwem systemow informatycznych w bankowosci. Wydawnictwo Zarzadzanie i Finanse (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Economics, ul. Komandorska 118/120, 53-345, Wroclaw, Poland

    Dariusz Wawrzyniak

Authors
  1. Dariusz Wawrzyniak
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Karlstad University, Universitetsgatan 2, 651 88, Karlstad, Sweden

    Simone Fischer-Hübner

  2. School of Computing, Communications and Electronics, Network Research Group, University of Plymouth, PL4 8AA, Plymouth, UK

    Stevel Furnell

  3. Laboratory of Information and Communication Systems Security Department of Information and Communication Systems Engineering, University of the Aegean, GR-83200, Samos, Karlovassi, Greece

    Costas Lambrinoudakis

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wawrzyniak, D. (2006). Information Security Risk Assessment Model for Risk Management. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds) Trust and Privacy in Digital Business. TrustBus 2006. Lecture Notes in Computer Science, vol 4083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11824633_3

Download citation

  • DOI: https://doi.org/10.1007/11824633_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37750-4

  • Online ISBN: 978-3-540-37752-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation