Vulnerability identification errors in security risk assessments
Author
Abstract
Similar resources
Resolving vulnerability identification errors using security requirements on business process models
Purpose – In any information security risk assessment, vulnerabilities are usually identified by information-gathering techniques. However, vulnerability identification errors – wrongly identified or unidentified vulnerabilities – can occur as uncertain data are used. Furthermore, businesses’ security needs are not considered sufficiently. Hence, security functions may not protect business asse...
Resolving Vulnerability Identification Errors using Security Requirements on Business Process Models
Purpose – In any information security risk assessment, vulnerabilities are usually identified by information-gathering techniques. However, vulnerability identification errors – wrongly identified or unidentified vulnerabilities – can occur as uncertain data are used. Furthermore, businesses’ security needs are not considered sufficiently. Hence, security functions may not protect business assets suf...
MetaStar Security Risk Assessments: HIPAA and Meaningful Use.
• Vulnerability identification—Identify system’s weaknesses.
• Control analysis—Analyze controls in place to prevent vulnerabilities from being exploited.
• Likelihood determination—Determine probability of a vulnerability being exploited.
• Impact analysis—Analyze impact on organization should a vulnerability be exploited.
• Risk determination—Develop prioritized listing of risks (ie, gaps in ...
Network Risk Evaluation by Data Mining
Risk management is one of the most prominent concepts which has recently been brought into sharp focus regarding security issues in computer networks. Scientifically speaking, risk in the field of network security is a generalized matter leading the organization to the provision of resolutions which target resources and profits of the organization. This paper has discussed what methods are ...
A New Risk Management Paradigm For Assessments and Evaluations of Information Assurance Systems
Traditional risk management methods developed and practiced by the Information Assurance (IA) community have typically begun with an identification of system threats or vulnerabilities, followed by a careful assessment of the consequences and the likelihood of each of these threats or vulnerabilities. Such an approach, although valid, tends to be unnecessarily labor intensive and often delays t...