• DocumentCode
    644326
  • Title

    A risk recommendation approach for information security risk assessment

  • Author

    Ya-Chi Chu ; Yu-Chih Wei ; Wen-Hsuan Chang

  • Author_Institution
    Telecommunication Laboratories, Chunghwa Telecom Co., Ltd, Taoyuan, Taiwan, R.O.C
  • fYear
    2013
  • fDate
    25-27 Sept. 2013
  • Firstpage
    1
  • Lastpage
    3
  • Abstract
    Nowadays, information security becomes a critical issue on protecting the benefits of business operation. Many organizations introduce security risk management to ensure the security of business processes. However, in the processes of risk assessment, it is difficult and time-consuming to identify the threats and vulnerabilities for each asset. Furthermore, if the identified results diverged from the real situation, the organization may implement unnecessary controls to prevent the non-existing risk. In order to resolve these problems, we adopt data mining approach to find the relationship between asset and threat-vulnerability. And then, we propose a recommendation scheme for assisting user identifying threat and vulnerability. The experiment result shows that our recommendation mechanism can improve the efficiency and accuracy of the risk assessment.
  • Keywords
    Atmospheric modeling; Databases; Hardware; ISO; Maintenance engineering; Security; Servers; Data mining; Recommendation; Threat; Vulnerability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network Operations and Management Symposium (APNOMS), 2013 15th Asia-Pacific
  • Conference_Location
    Hiroshima, Japan
  • Type

    conf

  • Filename
    6665250