A novel security risk assessment model for information system

Author

Lv, Huiying

Author_Institution

Sch. of Inf. Eng., Capital Normal Univ., Beijing, China

Volume

4

fYear

2010

fDate

27-29 March 2010

Firstpage

282

Lastpage

287

Abstract

Security defense against threats is very important to information system. A novel security risk assessment model is presented. In this model, an information system consists of a series of network nodes, which have three elements: assets, rights and vulnerabilities. To analyze the relevance between vulnerabilities, an algorithm for intrusion path discovery is proposed centralized on assets. By investigating the intrusion paths found, the system risk is quantitatively evaluated on vulnerabilities, nodes, assets, or system, which indicates the risk situation of the system. A simulation experiment and results verify availability and effectiveness of the model.

Keywords

information systems; risk management; security of data; assets; information system; intrusion path discovery; network nodes series; quantitative evaluation; security risk assessment; vulnerabilities; Algorithm design and analysis; Computer hacking; Information security; Information systems; Permeability measurement; Protection; Risk analysis; Risk management; Safety; Time measurement; information security; model; risk assessment; vulnerability;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Computer Control (ICACC), 2010 2nd International Conference on

Conference_Location

Shenyang

Print_ISBN

978-1-4244-5845-5

Type

conf

DOI

10.1109/ICACC.2010.5486922

Filename

5486922