A Quantitative Risk Analysis Approach for Deliberate Threats
Abstract
Recently, organizations around the world have become aware of the need to run risk management programs in order to enhance their information security. However, the majority of the existing qualitative/empirical methods fail to adhere to the terminology defined by the ISO 27000 series and treat deliberate threats in a misleading way. In this paper, a quantitative risk analysis approach for deliberate threats is introduced. The proposed approach follows the steps suggested by the ISO 27005 standard for risk management, extending them in order to focus on deliberate threats and the different information security incidents that realize them. It is based on three levels: the conceptual foundation level, the modeling tools level and the mathematical foundation level. The conceptual foundation level defines and analyzes the terminology involved, using Unified Modeling Language (UML) class diagrams. The modeling tools level introduces certain tools that assist in modeling the relations among different concepts. Finally, the mathematical foundation level includes all the different mathematical formulas and techniques used to estimate risk values for each threat.