TY - JOUR
T1 - A security risk analysis model for information systems
AU - In, Hoh Peter
AU - Kim, Young Gab
AU - Lee, Taek
AU - Moon, Chang Joo
AU - Jung, Yoonjung
AU - Kim, Injung
PY - 2005
Y1 - 2005
N2 - Information security is a crucial technique for an organization to survive in these days. However, there is no integrated model to assess the security risk quantitatively and optimize its resources to protect organization information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed including asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and optimize resources to mitigate the risk.
AB - Information security is a crucial technique for an organization to survive in these days. However, there is no integrated model to assess the security risk quantitatively and optimize its resources to protect organization information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed including asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and optimize resources to mitigate the risk.
UR - http://www.scopus.com/inward/record.url?scp=26844539351&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=26844539351&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-30585-9_56
DO - 10.1007/978-3-540-30585-9_56
M3 - Conference article
AN - SCOPUS:26844539351
VL - 3398
SP - 505
EP - 513
JO - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
JF - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SN - 0302-9743
T2 - Third Asian Simulation Conference, Asiasim 2004
Y2 - 4 October 2004 through 6 October 2004
ER -