Organizational Risk Assessment Based on Attacks Repetition

Risk assessment is a critical process for protecting an organization's assets and reputation against security threats and risks. It gives a clear picture of the threats the organization currently faces and helps top management make the right decisions to eliminate or mitigate those risks. If a vulnerability is exploited and not mitigated, the same attack may recur two or more times in different time periods. In this paper, we illustrate our observation of the relation between a risk's value and the number of attacks targeting that risk.
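The abstract relates a risk's value to how often attacks recur against an exploited but unmitigated vulnerability. The following example, added here and not taken from the paper, builds a small risk register over constructed attack records: it counts the distinct time periods in which each vulnerability was attacked, flags vulnerabilities attacked repeatedly while still unmitigated, and raises the likelihood level with the repetition count before multiplying by impact. The record layout, the impact ratings, the likelihood thresholds and the likelihood-times-impact scoring are assumptions, not the paper's method.

```python
# Constructed sample attack records (hypothetical data): one entry per observed
# attack, with the vulnerability id, the time period in which the attack was seen,
# and whether the vulnerability had already been mitigated at that time.
SAMPLE_ATTACKS = [
    {"vuln": "VULN-A", "period": "2023-Q1", "mitigated": False},
    {"vuln": "VULN-A", "period": "2023-Q2", "mitigated": False},
    {"vuln": "VULN-A", "period": "2023-Q3", "mitigated": False},
    {"vuln": "VULN-B", "period": "2023-Q1", "mitigated": False},
    {"vuln": "VULN-B", "period": "2023-Q3", "mitigated": True},
    {"vuln": "VULN-C", "period": "2023-Q2", "mitigated": False},
]

# Assumed impact ratings per vulnerability (1 = low, 2 = medium, 3 = high).
IMPACT = {"VULN-A": 2, "VULN-B": 3, "VULN-C": 1}


def count_repetitions(attacks):
    """Number of distinct time periods in which each vulnerability was attacked."""
    periods = {}
    for a in attacks:
        periods.setdefault(a["vuln"], set()).add(a["period"])
    return {v: len(p) for v, p in periods.items()}


def unmitigated_repeats(attacks):
    """Vulnerabilities attacked in more than one period while still unmitigated.

    These are the cases the abstract describes: the same attack recurring because
    the exploited vulnerability was never fixed.
    """
    periods = {}
    for a in attacks:
        if not a["mitigated"]:
            periods.setdefault(a["vuln"], set()).add(a["period"])
    return sorted(v for v, p in periods.items() if len(p) > 1)


def likelihood_level(repetitions):
    """Map a repetition count to a likelihood level 1..3 (assumed thresholds)."""
    if repetitions <= 1:
        return 1
    if repetitions == 2:
        return 2
    return 3


def risk_score(vuln, attacks, impact=IMPACT):
    """Risk = likelihood level (driven by repetitions) x impact rating."""
    repetitions = count_repetitions(attacks).get(vuln, 0)
    return likelihood_level(repetitions) * impact[vuln]


def risk_register(attacks, impact=IMPACT):
    """Return {vuln: (repetitions, likelihood, impact, risk)}, highest risk first."""
    repetitions = count_repetitions(attacks)
    rows = {}
    for v in impact:
        r = repetitions.get(v, 0)
        lvl = likelihood_level(r)
        rows[v] = (r, lvl, impact[v], lvl * impact[v])
    return dict(sorted(rows.items(), key=lambda kv: kv[1][3], reverse=True))


if __name__ == "__main__":
    print("vuln    reps  likelihood  impact  risk")
    for v, (r, lvl, imp, risk) in risk_register(SAMPLE_ATTACKS).items():
        print(f"{v:7} {r:4}  {lvl:10}  {imp:6}  {risk:4}")
    print("repeatedly attacked while unmitigated:", unmitigated_repeats(SAMPLE_ATTACKS))
```

With the constructed records, VULN-A is attacked in three periods without ever being mitigated, so its likelihood rises to the top level and its risk equals that of the higher-impact VULN-B; VULN-C, hit once, stays at the bottom of the register. Swapping the assumed thresholds or impact table for an organization's own ratings changes the numbers but not the mechanism.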
