Title :
A new quantitative approach for information security risk assessment
Author :
Asosheh, Abbas ; Dehmoubed, Bijan ; Khani, Amir
Author_Institution :
Dept. of Ind. Eng., Tarbiat Modares Univ., Tehran, Iran
Abstract :
There are many models for security risk assessment, but most of them are not practical. An effective security risk management process enables an enterprise to operate in the most cost-efficient manner with a known and acceptable level of business risk. Callio Secura 17799 is a simple but effective tool for implementing an information security management system based on the ISO/IEC 27001:2005 standard, and it includes a risk assessment module. Microsoft also publishes a risk assessment model. By studying and implementing both models in a real environment, we found that neither fits the business requirements completely. The Callio Secura approach is a very complete model for assessing the Exposure Factor (EF) of a risk, but it does not calculate the business impact of a risk. Conversely, the Microsoft risk assessment approach starts from the EF and ends with the calculation of the Return on Security Investment (ROSI). In this poster we introduce a new approach for assessing the security risk of information assets. The new model combines the Microsoft risk assessment model and the Callio Secura risk assessment model, with some changes.
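Both models named in the abstract operate on the standard quantitative risk chain: asset value times exposure factor gives the single loss expectancy, times the annualized rate of occurrence gives the annualized loss expectancy (ALE), and ROSI compares the ALE before and after a control with the control's annual cost. The Python below is an added illustration of that chain, written for this page; it is not the authors' combined model and not code from Callio Secura or the Microsoft guide. The two assets, the candidate control and its reduction factors are constructed for the example.

```python
"""Worked quantitative risk chain: AV * EF = SLE, SLE * ARO = ALE, then ROSI.

Added example; the scenarios and the control below are constructed, not
taken from the poster or from any vendor tool.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Scenario:
    asset: str
    threat: str
    asset_value: float       # AV: value of the asset in currency units
    exposure_factor: float   # EF: fraction of AV lost per occurrence, 0..1
    aro: float               # ARO: expected occurrences per year


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float       # yearly cost of running the control
    ef_reduction: float      # fraction by which EF shrinks, 0..1 (e.g. backups)
    aro_reduction: float     # fraction by which ARO shrinks, 0..1 (e.g. patching)


def single_loss_expectancy(av: float, ef: float) -> float:
    """SLE = AV * EF; EF outside [0, 1] is a data-entry error, not a risk."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError(f"exposure factor {ef} must be within [0, 1]")
    return av * ef


def annualized_loss_expectancy(s: Scenario) -> float:
    """ALE = SLE * ARO, the expected yearly loss from one threat on one asset."""
    if s.aro < 0.0:
        raise ValueError(f"ARO {s.aro} must be non-negative")
    return single_loss_expectancy(s.asset_value, s.exposure_factor) * s.aro


def apply_control(s: Scenario, c: Control) -> Scenario:
    """Residual scenario: the control scales EF and/or ARO down."""
    for r in (c.ef_reduction, c.aro_reduction):
        if not 0.0 <= r <= 1.0:
            raise ValueError(f"reduction {r} must be within [0, 1]")
    return replace(
        s,
        exposure_factor=s.exposure_factor * (1.0 - c.ef_reduction),
        aro=s.aro * (1.0 - c.aro_reduction),
    )


def rosi(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """ROSI = (ALE_before - ALE_after - cost) / cost.

    A zero or negative cost makes the ratio meaningless, so refuse it instead
    of returning an infinite or inverted figure.
    """
    if annual_control_cost <= 0.0:
        raise ValueError("control cost must be positive to compute ROSI")
    return (ale_before - ale_after - annual_control_cost) / annual_control_cost


def evaluate(scenarios: list[Scenario], control: Control) -> dict[str, float]:
    """Total ALE with and without the control, and the resulting ROSI."""
    before = sum(annualized_loss_expectancy(s) for s in scenarios)
    after = sum(annualized_loss_expectancy(apply_control(s, control)) for s in scenarios)
    return {
        "ale_before": before,
        "ale_after": after,
        "annual_saving": before - after,
        "rosi": rosi(before, after, control.annual_cost),
    }


# Constructed sample input (values chosen to be exact in binary floating point).
SCENARIOS = [
    Scenario("customer database", "ransomware", asset_value=400_000.0,
             exposure_factor=0.75, aro=0.25),
    Scenario("public web server", "defacement", asset_value=80_000.0,
             exposure_factor=0.5, aro=1.0),
]
# Hypothetical control: offline backups halve the loss per incident (EF),
# but do nothing to how often incidents happen (ARO).
BACKUPS = Control("offline backups", annual_cost=23_000.0,
                  ef_reduction=0.5, aro_reduction=0.0)


if __name__ == "__main__":
    for s in SCENARIOS:
        print(f"{s.asset:20s} ALE = {annualized_loss_expectancy(s):>10,.0f}")
    result = evaluate(SCENARIOS, BACKUPS)
    for k, v in result.items():
        print(f"{k:15s} {v:>10,.2f}")
```

A ROSI above zero means the control saves more expected loss per year than it costs; in the constructed case the backups cut the combined ALE from 115,000 to 57,500, so ROSI is 1.5. The same chain applied per asset is what a business-impact step adds on top of an EF-only assessment.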
Keywords :
DP management; risk management; security of data; Callio Secura 17799; ISO/IEC 27001:2005 standard; IT security risk assessment; Microsoft risk assessment model; business risk; exposure factor; information security risk assessment; Engineering management; Environmental management; IEC standards; ISO standards; Industrial engineering; Information management; Information security; Risk management; TV; Technology management;
Conference_Titel :
Intelligence and Security Informatics, 2009. ISI '09. IEEE International Conference on
Conference_Location :
Dallas, TX
Print_ISBN :
978-1-4244-4171-6
Electronic_ISBN :
978-1-4244-4173-0
DOI :
10.1109/ISI.2009.5137311