Decision Support for Assessment of IT-security Risks
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2013 (English). In: Proceedings of the International Conference on Security and Management SAM'13, USA: CSREA Press, 2013, 126-132 p. Conference paper, Published paper (Refereed)
Abstract [en]

IT-security risks can have a great impact on organizations and can cause high financial damage. To address security issues and avoid problems, knowledge about risks is vital. Therefore, a risk assessment process, which addresses security of IT-systems, is essential. However, risk assessment methods based on qualitative or quantitative approaches involve some difficulties and limitations. Therefore, in this research, we propose a risk assessment method based on a semi-quantitative approach. The method provides decision support for security experts during evaluation of IT-security risks and enables assessment of threats both at a detailed level and as a whole. Imprecise information is captured from expert judgment and expressed numerically in interval form. The method is applied to a scenario in order to demonstrate its usage. We utilize a decision tool to present the outcomes. Moreover, sensitivity analysis is performed to point out the most critical values.

Place, publisher, year, edition, pages
USA: CSREA Press, 2013. 126-132 p.
Keyword [en]
IT-Security Risks, Risk Assessment, Decision Support, Threat Tree, Imprecise information
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-97208
ISBN: 1-60132-259-3 (print)
OAI: oai:DiVA.org:su-97208
DiVA: diva2:676252
Conference
WORLDCOMP '13 - The 2013 World Congress in Computer Science, Computer Engineering, and Applied Computing (International Conference on Security and Management), Las Vegas, Nevada, USA, July 22-25, 2013
Available from: 2013-12-05 Created: 2013-12-05 Last updated: 2014-02-03 Bibliographically approved

Open Access in DiVA

No full text

Other links

http://world-comp.org/proc2013/sam/SAM_Papers.pdf

Author/editor
Moradian, Esmiralda; Kalinina, Maria