Title :
Information security risk assessment using Bayesian networks
Author :
Alguliev, R.M. ; Derakhshandeh, S. ; Imamverdiyev, Y.N.
Author_Institution :
Inst. of Inf. Technol., ANAS, Baku, Azerbaijan
Abstract :
Given the increasing dependence of the information society on information and communication technologies, the information security risks of these systems should be measured and improved. In this paper, we propose to model information security risks based on attack graphs as a special Bayesian network. Bayesian networks make it possible to combine historical quantitative information with qualitative information in a systematic way. They can also provide the capability of using conditional probabilities to address the general cases of interdependency between vulnerabilities.
Keywords :
belief networks; risk management; security of data; Bayesian networks; attack graphs; conditional probabilities; historical quantitative information; information security; qualitative information; risk assessment; vulnerability; Bayesian methods; threat
Conference_Title :
Application of Information and Communication Technologies, 2009. AICT 2009. International Conference on
Conference_Location :
Baku
Print_ISBN :
978-1-4244-4739-8
Electronic_ISBN :
978-1-4244-4740-4
DOI :
10.1109/ICAICT.2009.5372521