Journal of Information Processing
Online ISSN : 1882-6652
ISSN-L : 1882-6652
An Approach to Perform Quantitative Information Security Risk Assessment in IT Landscapes
Anton Romanov, Hiroe Tsubaki, Eiji Okamoto
JOURNAL FREE ACCESS

2010 Volume 18 Pages 213-226

Abstract

The purpose of this paper is to propose a quantitative approach for the effective and efficient assessment of risks related to information security. Although several other approaches have already been proposed to measure information security (IS) related risk, they are either inapplicable to real enterprises' IT landscapes or are of a qualitative nature, i.e. based on subjective decisions of the implementation team, and thus could suffer from a significant degree of speculation. In contrast, our approach is based on objective statistical data, provides quantitative results and can be easily applied to any enterprise of any industry or any non-profit organization. An example of the application of the proposed approach to a real enterprise is also provided. The only prerequisite for the proposed methodology is a sufficient amount of incident statistics collected under conditions described later in this paper. The motivation for this research is that performing IS related risk assessment is one of the procedures required to manage information security, and the process of IS management has recently become one of the highest concerns for most organizations and enterprises. This is caused not only by the growth of hackers' activity but also by increasing legal requirements and compliance issues.

© 2010 by the Information Processing Society of Japan