DocumentCode
644326
Title
A risk recommendation approach for information security risk assessment
Author
Ya-Chi Chu ; Yu-Chih Wei ; Wen-Hsuan Chang
Author_Institution
Telecommunication Laboratories, Chunghwa Telecom Co., Ltd, Taoyuan, Taiwan, R.O.C
fYear
2013
fDate
25-27 Sept. 2013
Firstpage
1
Lastpage
3
Abstract
Nowadays, information security becomes a critical issue on protecting the benefits of business operation. Many organizations introduce security risk management to ensure the security of business processes. However, in the processes of risk assessment, it is difficult and time-consuming to identify the threats and vulnerabilities for each asset. Furthermore, if the identified results diverged from the real situation, the organization may implement unnecessary controls to prevent the non-existing risk. In order to resolve these problems, we adopt data mining approach to find the relationship between asset and threat-vulnerability. And then, we propose a recommendation scheme for assisting user identifying threat and vulnerability. The experiment result shows that our recommendation mechanism can improve the efficiency and accuracy of the risk assessment.
Keywords
Atmospheric modeling; Databases; Hardware; ISO; Maintenance engineering; Security; Servers; Data mining; Recommendation; Threat; Vulnerability;
fLanguage
English
Publisher
ieee
Conference_Titel
Network Operations and Management Symposium (APNOMS), 2013 15th Asia-Pacific
Conference_Location
Hiroshima, Japan
Type
conf
Filename
6665250
Link To Document