Abstract
The rapid growth of Internet technology has encouraged organizations to protect their information assets, and the need for risk analysis has become very important for them. However, existing risk analysis approaches only present guidelines that can be used to determine security measures and do not support evaluating risks quantitatively. Therefore, this paper proposes a quantitative risk evaluation model based on the Markov process, especially for the case of interrelated threats. In addition, to analyze the relationship between threats, a basic analysis method using the covariance and the correlation coefficient is presented.
"This research was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Advancement)" (IITA-2006-(C1090-0603-0025)).
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Kim, YG., Lim, J. (2007). Quantitative Risk Analysis and Evaluation in Information Systems: A Case Study. In: Shi, Y., van Albada, G.D., Dongarra, J., Sloot, P.M.A. (eds) Computational Science – ICCS 2007. ICCS 2007. Lecture Notes in Computer Science, vol 4489. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72588-6_167
DOI: https://doi.org/10.1007/978-3-540-72588-6_167
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72587-9
Online ISBN: 978-3-540-72588-6
eBook Packages: Computer Science (R0)