Dynamic Assessment and VaR-Based Quantification of Information Security Risk

Author

Qi, Wenjing ; Liu, Xue ; Zhang, Jian ; Yuan, Weihua

fYear

2010

fDate

22-23 May 2010

Firstpage

1

Lastpage

4

Abstract

Risk assessment and quantification is crucial to the effectiveness of information security measure deployed in an organization. A dynamic risk assessment process is presented in this paper to cope with the variation and diversity of threats in the information system. To give a clear perspective of the information risk without confusing by the complexity of so many risk factors, an risk quantification model and a VaR-based risk measure are presented, through which, risk can be represented by the prospective maximum daily loss under certain confidence level. We test our risk quantification model and measure in a real network environment.

Keywords

risk management; security of data; VaR; dynamic risk assessment process; information security measure; risk factors; risk quantification model; Biomedical measurements; Computer bugs; Computer science; Computer security; Educational institutions; Information security; Information systems; Management information systems; Reactive power; Risk management;

fLanguage

English

Publisher

ieee

Conference_Titel

e-Business and Information System Security (EBISS), 2010 2nd International Conference on

Conference_Location

Wuhan

Print_ISBN

978-1-4244-5893-6

Electronic_ISBN

978-1-4244-5895-0

Type

conf

DOI

10.1109/EBISS.2010.5473537

Filename

5473537