Decision Support for Assessment of IT-security Risks
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2013 (English) In: Proceedings of the International Conference on Security and Management SAM'13, USA: CSREA Press, 2013, 126-132 p. Conference paper (Refereed)
Abstract [en]

IT-security risks can have a great impact on organizations and can cause high financial damage. To address security issues and avoid problems, knowledge about risks is vital. Therefore, a risk assessment process, which addresses security of IT-systems, is essential. However, risk assessment methods based on qualitative or quantitative approaches involve some difficulties and limitations. Therefore, in this research, we propose a risk assessment method based on a semi-quantitative approach. The method provides decision support for security experts during evaluation of IT-security risks and enables assessment of threats both at a detailed level and as a whole. Imprecise information is captured from expert judgment and expressed numerically in interval form. The method is applied to a scenario in order to demonstrate its usage. We utilize a decision tool to present the outcomes. Moreover, sensitivity analysis is performed to point out the most critical values.

Place, publisher, year, edition, pages
USA: CSREA Press, 2013. 126-132 p.
Keyword [en]
IT-Security Risks, Risk Assessment, Decision Support, Threat Tree, Imprecise information
National Category
Information Systems
Research subject
Computer and Systems Sciences
URN: urn:nbn:se:su:diva-97208
ISBN: 1-60132-259-3
OAI: diva2:676252
WORLDCOMP '13 - The 2013 World Congress in Computer Science, Computer Engineering, and Applied Computing (International Conference on Security and Management), Las Vegas, Nevada, USA, July 22-25, 2013
Available from: 2013-12-05 Created: 2013-12-05 Last updated: 2014-02-03 Bibliographically approved

Open Access in DiVA

No full text

By author/editor
Moradian, Esmiralda; Kalinina, Maria