Title :
Information security risk assessment and management method in computer networks
Author_Institution :
Inf. Security Syst. Dept., Kazan Nat. Res. Tech. Univ. named after A.N.Tupolev-KAI, Kazan, Russia
Abstract :
We suggested a method for quantitative information security risk assessment and management in computer networks. We used questionnaires, expert judgments, fuzzy logic and the analytic hierarchy process to evaluate impact and possibility values for specific threats. We suggested a fuzzy extension of the Common Vulnerability Scoring System for vulnerability assessment. Fuzzy prediction rules are used to describe expert's knowledge about vulnerabilities.
Keywords :
analytic hierarchy process; computer network security; fuzzy logic; risk management; common vulnerability scoring system; computer network; fuzzy prediction; information security risk assessment method; information security risk management method; vulnerability assessment; information security; measurement; servers; information security risks
Conference_Title :
Control and Communications (SIBCON), 2015 International Siberian Conference on
Conference_Location :
Omsk
Print_ISBN :
978-1-4799-7102-2
DOI :
10.1109/SIBCON.2015.7146975