论文信息 - Metrics analysis of risk profile: A perspective on business aspects

Metrics analysis of risk profile: A perspective on business aspects

Risk analysis is process to identify and develop profile of risk. Most risk analysis procedures focuses in technical perspectives, whereas business perspective is less involved. Business impacts are very important to be considered because it is related to business continuity of organization. Therefore, identification of business aspects is needed to be done so that aspects can be used as metrics in risk analysis of IT security threats. This paper proposes metrics of risk analysis in IT security threats based on business aspects. Methods for validating business aspects as metrics are literature analysis, linear regression analysis, correlation analysis and significancy analysis. The defined metrics will be used to develop risk analysis procedure in future work so it is expected to result better output in risk profile.

[1] David C. Yen,et al. Determinants of intangible assets value: The data mining approach , 2012, Knowl. Based Syst..

[2] Neeraj Suri,et al. Quantitative assessment of software vulnerabilities based on economic-driven security metrics , 2013, 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS).

[3] Shuchih Ernest Chang,et al. Organizational factors to the effectiveness of implementing information security management , 2006, Ind. Manag. Data Syst..

[4] Roger M. Cooke,et al. Fifteen years of expert judgement at TUDelft , 2008 .

[5] Markus Nüttgens,et al. Key Information Requirements for Process Audits - an Expert Perspective , 2012, EMISA.

[6] supT.F. Michael Raj.,et al. Improving Web Application Security Using Penetration Testing , 2014 .

[7] Neeraj Suri,et al. Assessing the security of internet-connected critical infrastructures , 2014, Secur. Commun. Networks.

[8] Wael A. Awad,et al. Empirical assessment for security risk and availability in public Cloud frameworks , 2016, 2016 11th International Conference on Computer Engineering & Systems (ICCES).

[9] Ruth Breu,et al. An Empirically Derived Loss Taxonomy Based on Publicly Known Security Incidents , 2009, 2009 International Conference on Availability, Reliability and Security.