Effective Methodology for Security Risk Assessment of Computer Systems
نویسنده
چکیده
Today, computer systems are more and more complex and support growing security risks. The security managers need to find effective security risk assessment methodologies that allow modeling well the increasing complexity of current computer systems but also maintaining low the complexity of the assessment procedure. This paper provides a brief analysis of common security risk assessment methodologies leading to the selection of a proper methodology to fulfill these requirements. Then, a detailed analysis of the most effective methodology is accomplished, presenting numerical examples to demonstrate how easy it is to use. Keywords—Computer security, qualitative and quantitative methods, risk assessment methodologies, security risk assessment.
منابع مشابه
Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing
Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...
متن کاملDesigning a Combined-fuzzy Methodology to Improve Organizational Diagnosis Process Effectiveness through Identification and Assessment of Effective Parameters
Organizational diagnosis is a systematic and scientific method to identify, categorize and single out the obstacles and their impact on organizational performance through interaction between internal and external views and preparation and setting up operational plans to solve them in the organization. Providing standard products and emphasizing on the financial measures do not guarantee the sur...
متن کاملA risk model for cloud processes
Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to lack of historical data on attacks, which has prevented frequency-based identification...
متن کاملTAME: A Threat Assessment Model for the METEORE System
The wide development of the mobile Internet technology is creating the opportunity for companies to utilise Electronic Payment Systems for the delivery of services. Due to that, organisations have been forced to allocate considerable resources for protecting their information assets. Unfortunately the opportunity still exists for systems to be exploited with catastrophic results. Modern securit...
متن کاملA Methodology to Integrate Security and Cost-effectiveness in ATM
The objective of this paper is the definition of a new methodology for carrying out security risk assessment in the air traffic management (ATM) domain so as to enhance security awareness and integrate secure and cost-effective design objectives. This process is carried out by modelling the system, identifying the assets, threats and vulnerabilities, prioritizing the threats and proposing cost-...
متن کامل