Title :
Design of a computer-aided system for risk assessment on information systems
Author :
LIAO, Gen-Yih ; SONG, Chen-Hwa
Author_Institution :
Dept. of Inf. Manage., Chang Gung Univ., Taoyuan, Taiwan
Abstract :
The Internet creates an efficient environment for businesses to conduct transactions, while also creating a channel for outsiders to access organizational assets. To determine a reasonable amount of security investment, security officers conduct risk assessments to evaluate the risk values in existing systems. In traditional risk assessment processes, however, heavy dependence on human experts makes risk assessment difficult to automate. We propose a transaction-based computer-aided system to facilitate risk assessment on information systems. The proposed system evaluates assets with business transactions, which facilitates the procedures of asset evaluation. The likelihood model used by the system can assist risk analysts in conducting what-if analyses to determine risk values. Therefore, the proposed system contributes to enhancing the level of automation in risk assessment.
Keywords :
Internet; decision support systems; investment; management information systems; maximum likelihood estimation; risk management; security of data; transaction processing; Internet; business transactions; computer-aided risk assessment system; decision support; information security; information systems; likelihood model; organizational asset access; qualitative analysis; quantitative analysis; risk assessment automation; security investment; transaction based computer aided system; what-if analysis; Business communication; Communication system security; Humans; Information security; Information systems; Internet; Investments; Mathematical model; Risk analysis; Risk management;
Conference_Title :
Security Technology, 2003. Proceedings. IEEE 37th Annual 2003 International Carnahan Conference on
Print_ISBN :
0-7803-7882-2
DOI :
10.1109/CCST.2003.1297553