Evaluation of Information Security Risks Using Hybrid Assessment Model

Cited by: 0
Authors
Alese, B. K. [1]
Oyebade, O. [1]
Festus, Osuolale A. [1]
Iyare, O. [1]
Thompson, A. F. [1]
Affiliations
[1] Fed Univ Technol Akure, Dept Comp Sci, Akure, Ondo State, Nigeria
Source
2014 9TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS (ICITST) | 2014
Keywords
component; Risk; Registers; Scenario; geek What-if model; risk management;
DOI
Not available
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
A risk is the possibility that an undesirable event could happen. Several risk management software tools have been developed in the past to address pressing industrial concerns such as risk identification and estimation, risk exposure, mitigation, and keeping track of risk positions and respective management plans. Several methods have been developed and used in risk assessments. Two specific methods of interest in this work are "Risk Matrices" and "Risk Registers". A generic Risk Register application module and an updatable Risk Matrix module were designed. This work studies risk management techniques and employs a custom model for the automated assessment of IS risks. This model was implemented in phases corresponding to its aspects. The "Assessment methods" of interest to this work are Risk Registers, Risk Matrices and the "Scenario Geek". What-if analysis is a data-intensive simulation whose goal is to inspect the behavior of a complex system under some given hypotheses called scenarios. What-ifs are used to generate qualitative descriptions of potential problems in the form of questions and responses, and lists of recommendations for preventing problems. The Risk Assessor was developed using Microsoft's Visual Basic .NET with Active Server Pages (ASP.NET) technologies on .NET Framework 4.0. This work, if adopted, will help keep track of the basic sources which can hamper the operations of information technology organizations.
Pages: 387-395
Number of pages: 9