• DocumentCode
    2959399
  • Title

    Information security risk assessment using Bayesian networks

  • Author

    Alguliev, R.M. ; Derakhshandeh, S. ; Imamverdiyev, Y.N.

  • Author_Institution
    Inst. of Inf. Technol., ANAS, Baku, Azerbaijan
  • fYear
    2009
  • fDate
    14-16 Oct. 2009
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    Given the increasing dependence of the information society on information and communication technologies, the information security risks of these systems should be measured and improved. In this paper, we propose to model information security risks based on attack graphs as a special Bayesian network. Bayesian networks allow historical quantitative information to be combined with qualitative information in a systematic way. They also provide the capability of using conditional probabilities to address the general cases of interdependency between vulnerabilities.
  • Keywords
    belief networks; risk management; security of data; Bayesian networks; attack graphs; conditional probabilities; historical quantitative information; information security; qualitative information; risk assessment; vulnerability; Bayesian methods; threat
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Application of Information and Communication Technologies, 2009. AICT 2009. International Conference on
  • Conference_Location
    Baku
  • Print_ISBN
    978-1-4244-4739-8
  • Electronic_ISBN
    978-1-4244-4740-4
  • Type

    conf

  • DOI
    10.1109/ICAICT.2009.5372521
  • Filename
    5372521