Decision Support for Assessment of IT-security Risks
2013 (English) In: Proceedings of the International Conference on Security and Management SAM'13, USA: CSREA Press, 2013, 126-132 p. Conference paper (Refereed)
IT-security risks can have a great impact on organizations and can cause high financial damage. To address security issues and avoid problems, knowledge about risks is vital. Therefore, a risk assessment process, which addresses security of IT-systems, is essential. However, risk assessment methods based on qualitative or quantitative approaches involve some difficulties and limitations. Therefore, in this research, we propose a risk assessment method based on a semi-quantitative approach. The method provides decision support for security experts during evaluation of IT-security risks and enables assessment of threats both at a detailed level and as a whole. Imprecise information is captured from expert judgment and expressed numerically in interval form. The method is applied to a scenario in order to demonstrate its usage. We utilize a decision tool to present the outcomes. Moreover, sensitivity analysis is performed to point out the most critical values.
Place, publisher, year, edition, pages
USA: CSREA Press, 2013. 126-132 p.
IT-Security Risks, Risk Assessment, Decision Support, Threat Tree, Imprecise information
Research subject Computer and Systems Sciences
Identifiers: URN: urn:nbn:se:su:diva-97208; ISBN: 1-60132-259-3; OAI: oai:DiVA.org:su-97208; DiVA: diva2:676252
WORLDCOMP '13 - The 2013 World Congress in Computer Science, Computer Engineering, and Applied Computing (International Conference on Security and Management), Las Vegas, Nevada, USA, July 22-25, 2013