WIT Press


Information Asset Modelling For Risk Analysis

Price

Free (open access)

Paper DOI

10.2495/SAFE070051

Volume

94

Pages

10

Published

2007

Size

541 kb

Author(s)

Y. G. Sung, P. Kang & W. T. Sim

Abstract

An information technology-driven organization, in which most business is carried out and its revenue is presented through information technology, increasingly provides their key functions through computer systems and networks. These kinds of environments have prompted every day cyber threats through computer technology and Internet infrastructure. Current issues are rising for the matter of risk analysis on information technology transactions. To fulfil accurate risk estimation of this, different approaches are required to consider what each information asset is and what cyber vulnerabilities it is open to. In order to succeed, first it is necessary to identify its model of information asset, unlike conventional assets where each asset can be figured out as a whole value, then measure the value of it. In this paper, we are trying to show the methods and approaches to applying risk analysis to the information technology field. Hereafter, we identify key elements consisting of assets of a computer system. After its completion, we create a mathematic function to calculate its value based on the asset elements. The research results will yield an implementation of an automatic risk assessment tool for computer networks. Keywords: information asset, risk analysis, computer network, security vulnerability, impact value. 1 Introduction Many companies are increasingly relying on computer systems for their business, where large amounts of network traffic rise every day to operate its business and individual staff work on personal computers. To predict and minimize the risk of network attack, traffic analysis measurement techniques should be in place after monitoring tools are deployed: when inbound and outbound traffic is out of normal levels, the network administrator can make the

Keywords

information asset, risk analysis, computer network, security vulnerability, impact value.