Information Security Risk Assessment — A Practical Approach with a Mathematical Formulation of Risk
10.5120/18097-9155
Mohamed Ghazouani, Sophia Faris, Hicham Medromi and Adil Sayouti. Article: Information Security Risk Assessment — A Practical Approach with a Mathematical Formulation of Risk. International Journal of Computer Applications 103(8):36-42, October 2014. Full text available.
@article{key:article, author = {Mohamed Ghazouani and Sophia Faris and Hicham Medromi and Adil Sayouti}, title = {Article: Information Security Risk Assessment — A Practical Approach with a Mathematical Formulation of Risk}, journal = {International Journal of Computer Applications}, year = {2014}, volume = {103}, number = {8}, pages = {36-42}, month = {October}, note = {Full text available} }
Abstract
Risk management methodologies such as Mehari, Ebios, CRAMM and SP 800-30 (NIST) share a common step based on threat, vulnerability and probability, which are typically evaluated intuitively using verbal hazard scales such as low, medium and high. Because of their subjectivity, these categories are extremely difficult to assign to threats, vulnerabilities and probabilities, or indeed to interpret with any degree of confidence. The purpose of this paper is to propose a mathematical formulation of risk that uses a lower level of granularity for its elements: threat, probability, the criteria used to determine an asset's value, exposure, frequency and existing protection measures.