{"title":"Design of a computer-aided system for risk assessment on information systems","authors":"Gen-Yih Liao, Chen Song","doi":"10.1109/CCST.2003.1297553","DOIUrl":null,"url":null,"abstract":"The Internet creates an efficient environment for businesses to conduct transactions, while also creating a channel for outsiders to access organizational assets. To determine the reasonable amount of security investment, security officers would conduct risk assessment to evaluate the risk values in existing systems. In traditional risk assessment processes, however, heavy dependence on human experts leads to difficulties in automating risk assessment. We propose a transaction based computer aided system to facilitate risk assessment on information systems. The proposed system evaluates assets with business transactions, which facilitates the procedures of asset evaluation. The likelihood model used by the system can assist the risk analysts in conducting what-if analyses to determine risk values. Therefore, the proposed system contributes in enhancing the level of automation regarding risk assessment.","PeriodicalId":344868,"journal":{"name":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2003.1297553","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
The Internet creates an efficient environment for businesses to conduct transactions, while also creating a channel for outsiders to access organizational assets. To determine the reasonable amount of security investment, security officers would conduct risk assessment to evaluate the risk values in existing systems. In traditional risk assessment processes, however, heavy dependence on human experts leads to difficulties in automating risk assessment. We propose a transaction based computer aided system to facilitate risk assessment on information systems. The proposed system evaluates assets with business transactions, which facilitates the procedures of asset evaluation. The likelihood model used by the system can assist the risk analysts in conducting what-if analyses to determine risk values. Therefore, the proposed system contributes in enhancing the level of automation regarding risk assessment.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
