A Formal Methodology for Enterprise Information Security Risk Assessment

Cited by: 0
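Authors
Bhattacharjee, Jaya [1]
Sengupta, Anirban [1]
Mazumdar, Chandan [1]
Affiliations
[1] Jadavpur Univ, Ctr Distributed Comp, Kolkata, India
Keywords
DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract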
Assets are valuable for an enterprise as they help to execute its business activities. They contain vulnerabilities, which, if exploited by threats, can cause harm to an enterprise. Risk assessment is the process of identifying potential harm (risks) that may occur if vulnerabilities are exploited by threats. Existing methodologies for assessing risks are inadequate as they fail to consider important aspects of risk elements, like asset dependency, vulnerability dependency, etc. This paper presents a formal risk assessment methodology that considers these issues during risk computation, and also identifies the actual contributors to risk values.
Pages: 9
Related papers
50 in total
  • [21] Enterprise Information Technology Security: Risk Management Perspective
    Rot, Artur
    WCECS 2009: WORLD CONGRESS ON ENGINEERING AND COMPUTER SCIENCE, VOLS I AND II, 2009, : 1171 - 1176
  • [22] From information security management to enterprise risk management
    Stoll, Margareth
    Lecture Notes in Electrical Engineering, 2015, 313 : 9 - 16
  • [23] A Case Study on Risk Management of Enterprise Information Security
    Huang, Rengen
    Zhu, Zhen
    2015 2nd International Conference on Creative Education (ICCE 2015), Pt 2, 2015, 11 : 201 - 208
  • [24] An information security control assessment methodology for organizations' financial information
    Otero, Angel R.
    INTERNATIONAL JOURNAL OF ACCOUNTING INFORMATION SYSTEMS, 2015, 18 : 26 - 45
  • [25] Enterprise Information Security Architecture A Review of Frameworks, Methodology, and Case Studies
    Oda, S. Michelle
    Fu, Huirong
    Zhu, Ye
    2009 2ND IEEE INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY, VOL 3, 2009, : 333 - +
  • [26] The Application of Big Data and Artificial Intelligence Technology in Enterprise Information Security Management and Risk Assessment
    Wang, Qi
    Zong, Bangfeng
    Lin, Yong
    Li, Zhuangzhuang
    Luo, Xv
    JOURNAL OF ORGANIZATIONAL AND END USER COMPUTING, 2023, 35 (01)
  • [27] Attack Tree Based Information Security Risk Assessment Method Integrating Enterprise Objectives with Vulnerabilities
    Karabey, Bugra
    Baykal, Nazife
    INTERNATIONAL ARAB JOURNAL OF INFORMATION TECHNOLOGY, 2013, 10 (03) : 297 - 304
  • [28] A Quantitative Methodology for Cloud Security Risk Assessment
    Basu, Srijita
    Sengupta, Anirban
    Mazumdar, Chandan
    CLOSER: PROCEEDINGS OF THE 7TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING AND SERVICES SCIENCE, 2017, : 92 - 103
  • [29] Formal measures for semantic interoperability assessment in cooperative enterprise information systems
    Yahia, Esma
    Aubry, Alexis
    Panetto, Herve
    COMPUTERS IN INDUSTRY, 2012, 63 (05) : 443 - 457
  • [30] Information Security Risk Assessment in SCM
    Roy, Arup
    Gupta, A. D.
    Deshmukh, S. G.
    2013 IEEE INTERNATIONAL CONFERENCE ON INDUSTRIAL ENGINEERING AND ENGINEERING MANAGEMENT (IEEM 2013), 2013, : 1002 - 1006