Problem Analysis of Traditional IT-Security Risk Assessment Methods - An Experience Report from the Insurance and Auditing Domain

Authors

  • Stefan Taubenberger
  • Jan Jürjens
  • Yijun Yu
  • Bashar Nuseibeh
Abstract

Traditional information technology (IT) security risk assessment approaches are based on an analysis of events, probabilities and impacts. In practice, security experts often find it difficult to determine IT risks reliably with precision. In this paper, we review the risk determination steps of traditional risk assessment approaches and report on our experience of using such approaches. Our experience is based on performing IT audits and IT business insurance cover assessments within a reinsurance company. The paper concludes with a summary of issues concerning traditional approaches that are related to the identification and evaluation of events, probabilities and impacts. We also conclude that there is a need to develop alternative approaches, and suggest a security requirements-based risk assessment approach without events

Similar resources

Presenting a Model for Risk Assessment of Intentional Fires

Background & Objectives : It is not possible to live without using fire. However, fire could destruct human properties in a short time. One of the most important types of fire is intentional fire. This type of fire has become a great problem for insurance companies, fire departments, industries, government and business in the recent years. This study aimed to provide a framework for risk assess...

Improving Fraud and Abuse Detection in General Physician Claims: A Data Mining Study

Background We aimed to identify the indicators of healthcare fraud and abuse in general physicians’ drug prescription claims, and to identify a subset of general physicians that were more likely to have committed fraud and abuse.   Methods We applied data mining approach to a major health insurance organization dataset of private sector general physicians’ prescription claims. It involved 5 ste...

Risk management in the sphere of state economic security provision using professional liability insurance

This study contains a comprehensive scientific analysis of modern problems of risk management in the sphere of state economic security provision using professional liability insurance. The elements of the mechanism for providing economic security are defined, namely: subjects, objects, and instruments of influence. It is stipulated that insurance is the means to provide state economic security....

Peer Assessment in evaluation of Medical sciences students

Introduction: Recently, peer assessment is especially noticed as a progress evaluation method. Although it is a known method, it is a novel method in many countries that they use traditional methods. Then the topic of current review article is peer assessment in medical education. Methods: The documents related to peer assessment, advantages, disadvantages, applications and how use it extracte...

AudES - An Expert System for Security Auditing

Computer security auditing constitutes an important part of any organization’s security procedures. Because of the many inadequacies of currently used manual methods, thorough and timely auditing is often difficult to attain. Recent literature suggests that expert systems techniques can offer significant benefits when applied to security procedures such as risk analysis, security auditing and i...

Publication date: 2011