Ji-zheng GUAN, Ming-tao LEI, Xiao-lu ZHU, Jian-yi LIU
{"title":"Knowledge-based information security risk assessment method","authors":"Ji-zheng GUAN , Ming-tao LEI , Xiao-lu ZHU , Jian-yi LIU","doi":"10.1016/S1005-8885(13)60220-4","DOIUrl":null,"url":null,"abstract":"<div><p>It is an important function for managers to keep away from information security risks. With the increasing complex and scale of information systems, information system security risks may be more difficult to assess and strategies for risk reduction may be lack of objectivity. To solve this problem, this paper proposes a knowledge-based information security risk assessment method in which basic rules and specific rules are defined to match every asset, threat and vulnerability. Basic rules are defined as the rules without influence of external relationships. Specific rules are defined as the rules by user group. Performance analysis shows this method could increase efficiency and ensure accuracy of risk assessment.</p></div>","PeriodicalId":35359,"journal":{"name":"Journal of China Universities of Posts and Telecommunications","volume":"20 ","pages":"Pages 60-63"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/S1005-8885(13)60220-4","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of China Universities of Posts and Telecommunications","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1005888513602204","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Computer Science","Score":null,"Total":0}
Citation count: 7
Abstract
It is an important function for managers to keep away from information security risks. With the increasing complexity and scale of information systems, information system security risks may be more difficult to assess, and strategies for risk reduction may lack objectivity. To solve this problem, this paper proposes a knowledge-based information security risk assessment method in which basic rules and specific rules are defined to match every asset, threat and vulnerability. Basic rules are defined as the rules that are not influenced by external relationships. Specific rules are defined as the rules defined by user group. Performance analysis shows that this method could increase the efficiency and ensure the accuracy of risk assessment.