Assessing Damages of Information Security Incidents and Selecting Control Measures, a Case Study Approach
نویسندگان
چکیده
Information security executives have always been faced with the problem of justifying security technology investments because the technology benefits are difficult to estimate. There are tangible and intangible benefits that accrue from implementation of security measures; similarly the losses due to security incidents fall into both of these categories. This further complicates estimation. Currently a formal approach to assess damages to information security systems does not exist, neither does a model to select control measures. This paper provides a real world study of the threats to information systems, their damages, and maps some control measures to the threats that can cause these damages.
منابع مشابه
Analysis of Characteristics of Victims in Information Security Incidents: The Case of Japanese Internet Users
In this article, we investigate the attributes of victims in information security incidents for the purpose of reducing the damages. Information-Technology Promotion Agency (IPA) conducted the Internet (Web-based) survey titled “Survey of awareness toward information security incidents” whose targets are the Japanese Internet users at October 2010. By using micro data collected from the survey,...
متن کاملThe analysis of hazard identification and risk assessment studies with the approach to assessing risk control measures since 2001 to 2017: A systemic review
Abstract background and aims: Nowadays the growing complexity of technology and industry has led to vast changes over the last few decades. These changes, in addition to their positive and valuable effects, have also caused industrial accidents affecting human life and the environment. According to the ILO 2011 report, there are 340 million annual workplace accidents and 160 million occupation...
متن کاملQuantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
متن کاملAssessing and Selecting Sustainable Suppliers in Intuitionistic Fuzzy Set with Hybrid Multi-Criteria Best-Worst and VIKOR Approach
A sustainable supply of raw materials has a concern for manufacturing companies. Due to the increase of environmental and social awareness, selecting a sustainable supplier has been one of the priorities of organizations. The ambiguity and uncertainty in decision making have led to the application of decision-making methods in uncertainty situations. The present study intends to use a fuzzy mul...
متن کاملFace Recognition Based Rank Reduction SVD Approach
Standard face recognition algorithms that use standard feature extraction techniques always suffer from image performance degradation. Recently, singular value decomposition and low-rank matrix are applied in many applications,including pattern recognition and feature extraction. The main objective of this research is to design an efficient face recognition approach by combining many tech...
متن کامل