Title :
IA risk assessment process
Author :
Montry, Kenneth ; Kelley, Richard
Author_Institution :
Boeing Co., Seattle, WA, USA
Abstract :
When considering the information assurance (IA) requirement against a particular program, one must consider the actual risk that needs to be mitigated by any proposed solution. Understanding the actual risk and applying only those solutions deemed necessary will provide a best value approach to the customer. This paper defines one method to gain an understanding of IA risk by exploring the threats applicable to the system, the paths down which those threats can act and the effects of that action on the system given the environment in which the system currently exists. Considering all of those factors will allow a relative risk to be assigned for each applicable intersection.
Keywords :
information management; risk management; security of data; information assurance requirement; risk assessment process; Authentication; Conferences; Control systems; Data security; Information security; Performance analysis; Risk analysis; Risk management; Systems engineering and theory; Text analysis;
Conference_Titel :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495991
