Analysis of Information Security Problem by Probabilistic Risk Assessment
نویسندگان
چکیده
The information security risk assessment is investigated from perspectives of most advanced probabilistic risk assessment (PRA) for nuclear power plants. Accident scenario enumeration by initiating events, mitigation systems and event trees are first described and demonstrated. Assets, confidentiality, integrity, availability, threats, vulnerabilities, impacts, likelihoods, and safeguards are reformulated by the PRA. Two illustrative examples are given: network access attacker and physical access attacker. Defenseless time spans and their frequencies are introduced to cope with non-rare initiating events of information security problems. A common event tree structure may apply to variety of security problems, thus facilitating the risk assessment. Keywords— Information security, Probabilistic risk assessment, Initiating event, Mitigation system, Asset, Threat, Vulnerability, Impact
منابع مشابه
ارائه الگویی برای ارزیابی ریسک آتشسوزیهای عمدی
Background & Objectives : It is not possible to live without using fire. However, fire could destruct human properties in a short time. One of the most important types of fire is intentional fire. This type of fire has become a great problem for insurance companies, fire departments, industries, government and business in the recent years. This study aimed to provide a framework for risk assess...
متن کاملMethods and Approaches to Investigating Information Risks by Means of Economic Cost Models
The article deals with legal documents in the field of information security, methods of the information risk assessment including economic cost models for identifying probabilistic parameters and structure of information risks and application of these models to the analysis of investments in information security projects. An adequate assessment of information risk and optimization of investment...
متن کاملThreat Analysis of Cyber Attacks with Attack Tree+
Defenders have developed various threat risk analysis schemes to recognize the intruder attack profile, identify the system weakness, and implement the security safeguards to protect the information asset from cyber-attacks. Attack trees (AT) technique play an important role to investigate the threat analysis problem to known cyber-attacks for risk assessment. For example, protection trees and ...
متن کاملComparative Study of Information Security Risk Assessment Models for Cloud Computing systems
This paper reviews the state of the art in cyber security risk assessment of Cloud Computing systems. We select and examine in detail the quantitative security risk assessment models developed for or applied especially in the context of a Cloud Computing system. We review and then analyze existing models in terms of aim; the stages of risk management addressed; key risk management concepts cove...
متن کاملبهبود رتبه بندی مخاطرات امنیت اطلاعات با استفاده از مدل های تصمیم گیری چند شاخصه
One of the most important capabilities of information security management systems, which must be implemented in all organizations according to their requirements, is information security risk management. The application of information security risk management is so important that it can be named as the heart of information security management systems. Information security risk rating is conside...
متن کامل