An information security risk assessment method based on conduct effect and dynamic threat

Authors :: Zhu Hongyu
Li Xi
Qiao Hong
Chen Shengsheng
Tian Zheng
Qi Wenhui
Tian Jianwei
Source :: 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS).
Publication Year :: 2017
Publisher :: IEEE, 2017.
Abstract: Traditional Information Security Risk Assessment method did not consider the dynamic characteristic and risk conduct effect among assets, which makes the assessment result inaccurately. To solve this problem, this paper proposes a novel Information Security Risk Assessment method based on Conduct effect and Dynamic threat (ISRACD). ISRACD adopts DTC (Dynamic Threat Calculation) method to calculate threat degree more objectively. Besides, ISRACD proposes ACEC (Asset Conduct Effect Calculation) method to describe the conduct effect among assets and quantify the conduct value. Based on the two methods, ISRACD can obtain the security level more precisely.

Subjects :: Value (ethics)
Risk analysis (engineering)
Information security risk assessment
Computer science
business.industry
Information security
Security level
Asset (computer security)
business
Risk management

Database :: OpenAIRE
Journal :: 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS)
Accession number :: edsair.doi...........c38f8731ecee40e6e507b74a147f4627

Tools