Evaluating Damages Caused by Information Systems Security Incidents

نویسندگان

  • Fariborz Farahmand
  • Shamkant B. Navathe
  • Gunter P. Sharp
  • Philip H. Enslow
چکیده

As organizations adopt increasingly sophisticated information systems, the challenge of protecting those systems becomes enormous. Accordingly, the single critical decision security managers have to make is the amount an organization is willing to spend on security measures to protect assets of the organization. To arrive at this decision, security mangers need to know explicitly about the assets of their organizations, the vulnerability of their information systems to different threats, and their potential damages. Each threat and vulnerability must be related to one or more of the assets requiring protection. This means that prior to assessing damages we need to identify assets. Logical and physical assets can be grouped into five categories: 1) InformationDocumented (paper or electronic) data or intellectual property used to meet the mission of an organization, 2) SoftwareSoftware applications and services that process, store, or transmit information, 3) HardwareInformation technology physical devices considering their replacement costs, 4) PeopleThe people in an organization who posses skills, knowledge, and experience that are difficult to replace and, 5) SystemsInformation systems that process and store information (systems being a combination of information, software, and hardware assets and any host, client, or server being considered a system). Various units of value or metrics for valuation of assets may be used. The common metric is monetary, which is generally used for data that represent money where the threat is direct financial theft or fraud. Some assets are difficult to measure in absolute terms but can be measured in relative ways, for example information. The value of information can be measured as a fraction or percentage of total budget, assets, or worth of a business in relative fashion. Assets may also be ranked by sensitivity or

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Assessing Damages of Information Security Incidents and Selecting Control Measures, a Case Study Approach

Information security executives have always been faced with the problem of justifying security technology investments because the technology benefits are difficult to estimate. There are tangible and intangible benefits that accrue from implementation of security measures; similarly the losses due to security incidents fall into both of these categories. This further complicates estimation. Cur...

متن کامل

Analysis of Characteristics of Victims in Information Security Incidents: The Case of Japanese Internet Users

In this article, we investigate the attributes of victims in information security incidents for the purpose of reducing the damages. Information-Technology Promotion Agency (IPA) conducted the Internet (Web-based) survey titled “Survey of awareness toward information security incidents” whose targets are the Japanese Internet users at October 2010. By using micro data collected from the survey,...

متن کامل

امنیت اطلاعات سامانه های تحت وب نهاد کتابخانه های عمومی کشور

Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF). Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IP...

متن کامل

Incident Learning Systems: From Safety to Security

The complexity of modern networked systems has negative consequences in the form of intended and unintended security incidents. Information security is not the first field to grapple with such challenges. In safety, incident learning systems (ILS) have been used to control high risk environments. Many of these systems, such as NASA’s Aviation Safety Reporting System, have demonstrated considera...

متن کامل

A Sophistication Index for Evaluating Security Breaches

The focus of this research is to develop a sophistication index for evaluating security breaches due to cyber-attacks. Although reports about cyber-attacks elucidate the sophistication involved in a given security or data breach, it is difficult to compare the sophistication of breaches across multiple attacks. Once we have an attack sophistication index, incidents can be compared and consequen...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2004