A security risk analysis model for information systems

Hoh Peter In; Young Gab Kim; Taek Lee; Chang Joo Moon; Yoonjung Jung; Injung Kim

doi:10.1007/978-3-540-30585-9_56

A security risk analysis model for information systems

Hoh Peter In, Young Gab Kim, Taek Lee, Chang Joo Moon, Yoonjung Jung, Injung Kim

Department of Computer Science and Engineering

Research output: Contribution to journal › Conference article

14 Citations (Scopus)

Abstract

Information security is a crucial technique for an organization to survive in these days. However, there is no integrated model to assess the security risk quantitatively and optimize its resources to protect organization information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed including asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and optimize resources to mitigate the risk.

Original language	English
Pages (from-to)	505-513
Number of pages	9
Journal	Lecture Notes in Artificial Intelligence (Subseries of Lecture Notes in Computer Science)
Volume	3398
DOIs	https://doi.org/10.1007/978-3-540-30585-9_56
Publication status	Published - 2005
Event	Third Asian Simulation Conference, Asiasim 2004 - Jeju Island, Korea, Republic of Duration: 2004 Oct 4 → 2004 Oct 6

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-30585-9_56

Fingerprint Dive into the research topics of 'A security risk analysis model for information systems'. Together they form a unique fingerprint.

Cite this

In, H. P., Kim, Y. G., Lee, T., Moon, C. J., Jung, Y., & Kim, I. (2005). A security risk analysis model for information systems. Lecture Notes in Artificial Intelligence (Subseries of Lecture Notes in Computer Science), 3398, 505-513. https://doi.org/10.1007/978-3-540-30585-9_56

@article{ad1feb3769df4a1795abaa3e96532f3d,

title = "A security risk analysis model for information systems",

abstract = "Information security is a crucial technique for an organization to survive in these days. However, there is no integrated model to assess the security risk quantitatively and optimize its resources to protect organization information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed including asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and optimize resources to mitigate the risk.",

author = "In, {Hoh Peter} and Kim, {Young Gab} and Taek Lee and Moon, {Chang Joo} and Yoonjung Jung and Injung Kim",

year = "2005",

doi = "10.1007/978-3-540-30585-9_56",

language = "English",

volume = "3398",

pages = "505--513",

journal = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

issn = "0302-9743",

publisher = "Springer Verlag",

note = "Third Asian Simulation Conference, Asiasim 2004 ; Conference date: 04-10-2004 Through 06-10-2004",

}

TY - JOUR

T1 - A security risk analysis model for information systems

AU - In, Hoh Peter

AU - Kim, Young Gab

AU - Lee, Taek

AU - Moon, Chang Joo

AU - Jung, Yoonjung

AU - Kim, Injung

PY - 2005

Y1 - 2005

N2 - Information security is a crucial technique for an organization to survive in these days. However, there is no integrated model to assess the security risk quantitatively and optimize its resources to protect organization information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed including asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and optimize resources to mitigate the risk.

AB - Information security is a crucial technique for an organization to survive in these days. However, there is no integrated model to assess the security risk quantitatively and optimize its resources to protect organization information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed including asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and optimize resources to mitigate the risk.

UR - http://www.scopus.com/inward/record.url?scp=26844539351&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=26844539351&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-30585-9_56

DO - 10.1007/978-3-540-30585-9_56

M3 - Conference article

AN - SCOPUS:26844539351

VL - 3398

SP - 505

EP - 513

JO - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

JF - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SN - 0302-9743

T2 - Third Asian Simulation Conference, Asiasim 2004

Y2 - 4 October 2004 through 6 October 2004

ER -