Title :
A Novel Security Risk Assessment Method of Enterprise Information System Based on the Correlation of Equipments
Author :
Liu, Yong ; Lin, Qi ; Meng, Kun ; Tian, Zhi Min
Author_Institution :
Northeastern Univ., Shenyang, China
Abstract :
Many risk assessment approaches evaluate the security by considering the status of equipments in the system separately, while the infrastructure of the system, which also has impact on assessing the system risk, is not taken into consideration properly. In this paper we propose a novel risk assessment method which considers the correlation of the equipments in the evaluated system. Where the risk of every equipment is divided into the individual one and the impact of other equipments. By setting vulnerability-threat conjunction matrix of the equipments, we give an approach which is facilitate to calculate the impact of other equipments. In the end of the paper, we propose an example to explain the correctness and efficiency of the proposed method.
Keywords :
business data processing; graph theory; matrix algebra; risk management; security of data; enterprise information system; equipment correlation; security risk assessment; vulnerability-threat conjunction matrix; Computer errors; Computer industry; Computer networks; Computer science; Computer security; Information science; Information security; Information systems; Risk management; Standards organizations;
Conference_Titel :
Information Science and Engineering (ICISE), 2009 1st International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4244-4909-5
DOI :
10.1109/ICISE.2009.124
