Assets Dependencies Model in Information Security Risk Management
نویسندگان
چکیده
Information security risk management is a fundamental process conducted for the purpose of securing information assets in an organization. It usually involves asset identification and valuation, threat analysis, risk analysis and implementation of countermeasures. A correct asset valuation is a basis for accurate risk analysis, but there is a lack of works describing the valuation process with respect to dependencies among assets. In this work we propose a method for inspecting asset dependencies, based on common security attributes confidentiality, integrity and availability. Our method should bring more detailed outputs from the risk analysis and therefore make this process more objective.
منابع مشابه
Asset Valuation Method for Dependent Entities
Asset analysis and valuation are important parts of the information security risk management. Outputs they produce are used in the process of risk analysis that plays a key role in securing organization’s business processes. A correct analysis and valuation of assets should reveal not only their importance for the organization, but also their relationships and dependencies between each other. T...
متن کاملInsurer Optimal Asset Allocation in a Small and Closed Economy: The Case of Iran’s Social Security Organization
We seek to determine the optimal amount of the insurer’s investment in all types of assets for a small and closed economy. The goal is to detect the implications and contributions the risk seeker and risk aversion insurer commonly make and the effectiveness in the investment decision. Also, finding the optimum portfolio for each is the main goal of the present study. To this end, we adopted the...
متن کاملRiskFlows - Continuous Risk-driven Workflows and Decision Support in Information Security Management Systems
Information Security Management Systems (ISMS) aim at ensuring proper protection of information values and information processing systems (i.e. assets). Information Security Risk Management (ISRM) techniques are incorporated to deal with threats and vulnerabilities that impose risks to information security properties of these assets. Considering the evolution of information systems as well as m...
متن کاملبهبود رتبه بندی مخاطرات امنیت اطلاعات با استفاده از مدل های تصمیم گیری چند شاخصه
One of the most important capabilities of information security management systems, which must be implemented in all organizations according to their requirements, is information security risk management. The application of information security risk management is so important that it can be named as the heart of information security management systems. Information security risk rating is conside...
متن کاملIdentifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کامل