Quantitative risk analysis and evaluation in information systems

A case study

Young G. Kim, Jong In Lim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

The rapid growth of the Internet technology has encouraged organizations to protect their information assets. Furthermore, the need for risk analysis has become very important for organizations. However, the existing risk analysis just presents the guidelines that can be used to determine the security measures but do not support how to evaluate the risks quantitatively. Therefore, in this paper, the quantitative risk evaluation model based on the Markov process, especially for the case of interrelated threats, is proposed. In addition, in order to analyze the relationship between threats, the basic analysis method using the covariance and the correlation coefficient is presented.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages1040-1047
Number of pages8
Volume4489 LNCS
EditionPART 3
Publication statusPublished - 2007 Dec 1
Event7th International Conference on Computational Science, ICCS 2007 - Beijing, China
Duration: 2007 May 272007 May 30

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 3
Volume4489 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other7th International Conference on Computational Science, ICCS 2007
CountryChina
CityBeijing
Period07/5/2707/5/30

Fingerprint

Risk Evaluation
Quantitative Evaluation
Risk Analysis
Risk analysis
Quantitative Analysis
Information Systems
Information systems
Evaluation Model
Correlation coefficient
Markov Process
Markov processes
Security Measures
Internet
Model-based
Markov Chains
Evaluate
Guidelines
Technology
Growth
Relationships

ASJC Scopus subject areas

  • Biochemistry, Genetics and Molecular Biology(all)
  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Kim, Y. G., & Lim, J. I. (2007). Quantitative risk analysis and evaluation in information systems: A case study. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (PART 3 ed., Vol. 4489 LNCS, pp. 1040-1047). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4489 LNCS, No. PART 3).

Quantitative risk analysis and evaluation in information systems : A case study. / Kim, Young G.; Lim, Jong In.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 4489 LNCS PART 3. ed. 2007. p. 1040-1047 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4489 LNCS, No. PART 3).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kim, YG & Lim, JI 2007, Quantitative risk analysis and evaluation in information systems: A case study. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PART 3 edn, vol. 4489 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 3, vol. 4489 LNCS, pp. 1040-1047, 7th International Conference on Computational Science, ICCS 2007, Beijing, China, 07/5/27.
Kim YG, Lim JI. Quantitative risk analysis and evaluation in information systems: A case study. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PART 3 ed. Vol. 4489 LNCS. 2007. p. 1040-1047. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 3).
Kim, Young G. ; Lim, Jong In. / Quantitative risk analysis and evaluation in information systems : A case study. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 4489 LNCS PART 3. ed. 2007. pp. 1040-1047 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 3).
@inproceedings{6041aeb3fe1a4ba7814100989b665dd9,
title = "Quantitative risk analysis and evaluation in information systems: A case study",
abstract = "The rapid growth of the Internet technology has encouraged organizations to protect their information assets. Furthermore, the need for risk analysis has become very important for organizations. However, the existing risk analysis just presents the guidelines that can be used to determine the security measures but do not support how to evaluate the risks quantitatively. Therefore, in this paper, the quantitative risk evaluation model based on the Markov process, especially for the case of interrelated threats, is proposed. In addition, in order to analyze the relationship between threats, the basic analysis method using the covariance and the correlation coefficient is presented.",
author = "Kim, {Young G.} and Lim, {Jong In}",
year = "2007",
month = "12",
day = "1",
language = "English",
isbn = "9783540725879",
volume = "4489 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
number = "PART 3",
pages = "1040--1047",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
edition = "PART 3",

}

TY - GEN

T1 - Quantitative risk analysis and evaluation in information systems

T2 - A case study

AU - Kim, Young G.

AU - Lim, Jong In

PY - 2007/12/1

Y1 - 2007/12/1

N2 - The rapid growth of the Internet technology has encouraged organizations to protect their information assets. Furthermore, the need for risk analysis has become very important for organizations. However, the existing risk analysis just presents the guidelines that can be used to determine the security measures but do not support how to evaluate the risks quantitatively. Therefore, in this paper, the quantitative risk evaluation model based on the Markov process, especially for the case of interrelated threats, is proposed. In addition, in order to analyze the relationship between threats, the basic analysis method using the covariance and the correlation coefficient is presented.

AB - The rapid growth of the Internet technology has encouraged organizations to protect their information assets. Furthermore, the need for risk analysis has become very important for organizations. However, the existing risk analysis just presents the guidelines that can be used to determine the security measures but do not support how to evaluate the risks quantitatively. Therefore, in this paper, the quantitative risk evaluation model based on the Markov process, especially for the case of interrelated threats, is proposed. In addition, in order to analyze the relationship between threats, the basic analysis method using the covariance and the correlation coefficient is presented.

UR - http://www.scopus.com/inward/record.url?scp=38149133811&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=38149133811&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9783540725879

VL - 4489 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1040

EP - 1047

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -