Evaluation of information security related risks of an organization: the application of the multicriteria decision-making method

Bao-Chyuan Guan, Chi-Chun Lo, Ping Wang, Jaw-Shi Hwang
IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, 2003. Proceedings.
Published 2003-10-14. DOI: 10.1109/CCST.2003.1297555 (https://doi.org/10.1109/CCST.2003.1297555)
Citation count (Semantic Scholar): 24
In the wake of the rapid spread of information technology and the rise of electronic commerce, information security is receiving much attention. How to value information assets, how to analyze the risks associated with them, and how to protect them from sabotage, theft and tampering are central topics in the management of information security. We address the confidentiality, integrity and availability of information and apply the Analytic Hierarchy Process (AHP) to consolidate experts' opinions on information risks into an integrated framework for risk analysis. The BS7799 standard and a risk level matrix (RLM) are then used to evaluate the effectiveness of risk management measures and to categorize them, yielding a complete model for assessing the risks related to information assets. Finally, the research results are verified by a case study. Organizations can use the results as a reference for information security planning and for improving their management processes.
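The abstract names the chain of steps but not their mechanics, so here is an added worked example of that chain in Python. It is not code from the paper: the experts' pairwise judgements, the asset impact and likelihood ratings, and the 5x5 risk level matrix are all constructed for illustration, and the paper's own matrix and BS7799 control mapping are not reproduced on this page. What it does show is the part practitioners most often get wrong when they adopt AHP for risk weighting: the experts' judgements are consolidated by geometric mean, the criterion weights come from the principal eigenvector of the reciprocal comparison matrix, and the weights are only trusted if Saaty's consistency ratio is at or below 0.10.

```python
"""AHP-weighted information-asset risk scoring (added example, not the paper's code).

Steps: pairwise comparison of the C/I/A criteria on Saaty's 1..9 scale,
geometric-mean consolidation of several experts, principal-eigenvector
priorities with a consistency check, and a risk level matrix (RLM) lookup.
All judgements, asset ratings and the RLM below are constructed sample data.
"""
from typing import Dict, List, Tuple

CRITERIA = ["confidentiality", "integrity", "availability"]
Judgement = Dict[Tuple[str, str], float]   # (row criterion, column criterion) -> a_ij for i < j
Matrix = List[List[float]]

# Saaty's random consistency index RI, indexed by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}

# Assumed risk level matrix: rows = likelihood 1..5, columns = weighted impact 1..5.
# This is illustrative; the paper's own RLM is not reproduced on this page.
RLM = [
    ["L", "L", "L", "M", "M"],
    ["L", "L", "M", "M", "H"],
    ["L", "M", "M", "H", "H"],
    ["M", "M", "H", "H", "H"],
    ["M", "H", "H", "H", "H"],
]


def aggregate_judgements(experts: List[Judgement]) -> Judgement:
    """Consolidate experts' pairwise judgements by geometric mean, the standard
    AHP aggregation that preserves the reciprocal property a_ji = 1 / a_ij."""
    merged: Judgement = {}
    for pair in experts[0]:
        product = 1.0
        for e in experts:
            product *= e[pair]
        merged[pair] = product ** (1.0 / len(experts))
    return merged


def pairwise_matrix(judgements: Judgement, criteria: List[str]) -> Matrix:
    """Build the reciprocal comparison matrix from the upper-triangle judgements."""
    n = len(criteria)
    m = [[1.0] * n for _ in range(n)]
    for (a, b), v in judgements.items():
        i, j = criteria.index(a), criteria.index(b)
        m[i][j] = v
        m[j][i] = 1.0 / v
    return m


def priorities(m: Matrix, iters: int = 100) -> Tuple[List[float], float]:
    """Power iteration: principal eigenvector normalised to sum 1, plus lambda_max."""
    n = len(m)
    w = [1.0 / n] * n
    for _ in range(iters):
        mw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(mw)
        w = [x / total for x in mw]
    mw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam_max = sum(mw[i] / w[i] for i in range(n)) / n
    return w, lam_max


def consistency_ratio(n: int, lam_max: float) -> float:
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); Saaty accepts CR <= 0.10."""
    if n <= 2:
        return 0.0
    return ((lam_max - n) / (n - 1)) / RANDOM_INDEX[n]


def risk_level(weights: List[float], impact: Dict[str, int], likelihood: int) -> str:
    """Weight the asset's per-criterion impact ratings (1..5) by the AHP priorities,
    round to the nearest RLM column and look up the level for its likelihood row."""
    weighted = sum(w * impact[c] for w, c in zip(weights, CRITERIA))
    col = min(5, max(1, int(weighted + 0.5)))   # +0.5 sidesteps Python's banker's rounding
    row = min(5, max(1, likelihood))
    return RLM[row - 1][col - 1]


# Constructed sample input: two experts' judgements on the Saaty scale
# (2 = slightly more important, 4 = between moderately and strongly more important).
EXPERTS: List[Judgement] = [
    {("confidentiality", "integrity"): 2.0, ("confidentiality", "availability"): 4.0,
     ("integrity", "availability"): 2.0},
    {("confidentiality", "integrity"): 0.5, ("confidentiality", "availability"): 1.0,
     ("integrity", "availability"): 2.0},
]

# Constructed sample assets: (impact per criterion, likelihood), all on a 1..5 scale.
ASSETS = {
    "customer-db": ({"confidentiality": 5, "integrity": 3, "availability": 1}, 4),
    "public-www":  ({"confidentiality": 1, "integrity": 1, "availability": 5}, 2),
}


def assess(experts: List[Judgement], assets) -> Dict[str, object]:
    """Run the whole chain; refuse to rank assets on an inconsistent weight set."""
    m = pairwise_matrix(aggregate_judgements(experts), CRITERIA)
    w, lam = priorities(m)
    cr = consistency_ratio(len(CRITERIA), lam)
    if cr > 0.10:
        raise ValueError(f"inconsistent judgements: CR={cr:.2f} > 0.10, re-elicit")
    return {"weights": dict(zip(CRITERIA, w)), "cr": cr,
            "levels": {name: risk_level(w, imp, lik) for name, (imp, lik) in assets.items()}}


if __name__ == "__main__":
    print(assess(EXPERTS, ASSETS))
```

With the sample judgements the two experts disagree on confidentiality versus integrity (2 and 1/2), and the geometric mean consolidates them to 1, giving weights 0.4/0.4/0.2 with CR = 0. Feeding the same code a cyclic judgement set (C over I, I over A, but A over C) drives lambda_max well above 3 and CR above 1, and assess refuses to score the assets; in practice that is the signal to send the comparison back to the experts rather than to average the contradiction away.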