Improvement of Elements Relationship Model for Risk Assessment
Risk assessment modeling starts with identifying the assessment elements and their internal relationships. Some element relationship models based on ISO 13335 and ISO 15408 were analyzed. To overcome the redundancy and static state of the relationships in those models, a directness consequence rule and a time dynamic rule should be observed, and the grading of protection requirements should be taken into account. With these rules, new elements were added to obtain a new relationship model for risk assessment. Meanwhile, a more comprehensive systemic figure of security element relationships than that in ISO 13335 was formulated. Finally, we describe the reciprocal relationships of security elements with a formal method and present the characteristics of the different security states of an information system.