论文信息 - A model for asset valuation in security risk analysis regarding assets' dependencies

A model for asset valuation in security risk analysis regarding assets' dependencies

Organizations leverage security risk analysis methods to detect and prioritize the security risks. One of the main parameters in risk analysis is assets value which is used to calculate the security impact of probable threats. Although, assets are not independent and their values usually depend to other assets, most of the current approaches do not consider the interdependency of assets in the valuation process. In this paper, a model for asset valuation regarding dependencies between assets is presented. The model is based on a meta-model which dependencies between assets and asset types are well-specified. Then, the value propagation graph is defined to represent the effects of different assets to each other value and then an algorithm is presented to calculate assets value. Finally, the effectiveness of the model is verified by a real case study. The presented approach gains a meta-model to address any dependency between assets in different layers of an organization. Also, use of the value propagation graph assures that all types of assets that affect value of an asset are considered for valuating assets.

H. R. Shahriari | I. Loloei | A. Sadeghi

[1] Ewald F. Fuchs,et al. Influence of harmonics on power distribution system protection , 1988 .

[2] Tai-Myung Chung,et al. Risk Assessment Method Based on Business Process-Oriented Asset Evaluation for Information System Security , 2007, International Conference on Computational Science.

[3] Ingoo Han,et al. The IS risk analysis based on a business model , 2003, Inf. Manag..

[4] Sandro Etalle,et al. Model-Based Mitigation of Availability Risks , 2007, 2007 2nd IEEE/IFIP International Workshop on Business-Driven IT Management.

[5] Ralph Spencer Poore,et al. Valuing Information Assets for Security Risk Management , 2000, Inf. Secur. J. A Glob. Perspect..

[6] P. Eng,et al. Asset Valuation Technique for Network Management and Security , 2006, Sixth IEEE International Conference on Data Mining - Workshops (ICDMW'06).

[7] Ruth Breu,et al. Using an Enterprise Architecture for IT Risk Management , 2006, ISSA.

[8] Tai-Myung Chung,et al. Two-Dimensional Qualitative Asset Analysis Method based on Business Process-Oriented Asset Evaluation , 2005, J. Inf. Process. Syst..

[9] G. Stoneburner,et al. Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .