Title :
An hierarchical asset valuation method for information security risk analysis
Author :
Tatar, Unal ; Karabacak, Bilge
Author_Institution :
Security Div., TUBITAK-BILGEM-UEKAE Inf. Syst., Ankara, Turkey
Abstract :
The widespread use of information technology transforms businesses continuously and rapidly. Information technology introduces new threats to organizations as well. Risk analysis is an important tool in order to make correct decisions and to deal with cyber threats. Identification and valuation of assets is a crucial process that must be performed in risk analyses. Without properly identified and valued assets, the results of risk analyses lead to wrong decisions. Wrong decisions on information security may directly affect corresponding business processes. There are some finished and applied methods in literature for asset identification and valuation; however these methods are complicated and are not suitable for practical information security management projects. In this paper, a hierarchy based asset valuation method is proposed. Our method is intended to minimize the common mistakes that were done during Information Security Management Projects. The application of the method has not been performed yet; however it is thought that it can ease the processes and reduce the number of errors.
Keywords :
business data processing; organisational aspects; risk analysis; security of data; asset identification; asset valuation; business processes; businesses continuously; cyber threats; hierarchical asset valuation method; information security management projects; information security risk analysis; information technology; organizations; Cost accounting; Hardware; IEC; ISO; Reliability; Remuneration; Silicon; Information security risk analysis; asset valuation;
Conference_Titel :
Information Society (i-Society), 2012 International Conference on
Conference_Location :
London
Print_ISBN :
978-1-4673-0838-0
