More than forty years have passed since the advent of information security technology. Over the years, people have solved one security problem after another by virtue of an increasingly rich and sophisticated body of security technology. However, with the rapid development of information technology, the incidence of security incidents has gone far beyond that of any previous period, and purely passive techniques have been unable to cope with the growing security threat. Therefore, we put forward the idea of security risk assessment. Risk assessment considers not only technology but also management: by identifying the risk factors in an information system that may cause security incidents, it can estimate the probability of each potential danger and the loss it would cause, and so determine the current risk of the system. For different risks, different measures can then be taken to keep the system relatively safe.

Risk calculation is an important prerequisite for risk assessment and management. In this article, after introducing the current situation of risk assessment, its calculation models and related background knowledge (work mode, process flow, standard systems, assessment tools, and so on), we focus on the assessment model and the risk analysis calculation method based on risk factors, following the central idea of risk assessment. On this basis, we give a new risk calculation model that takes into account asset value, the intensity of security measures, each single security threat, and the interaction between threats that may affect the security of the whole system, while keeping the computational complexity reasonable, in order to improve the accuracy and objectivity of the assessment result. The model addresses the incompleteness and inaccuracy of previous models.

Finally, guided by the theory of OOP (Object Oriented Programming) and with the support of a database, the calculation model is applied in the development of a risk assessment tool. At the same time, we provide a group of experimental data to demonstrate its feasibility.