Assets dependencies model in information security risk management
Date of Issue2014
Proceedings on IFIP TC5/8 International Conference, ICT-EurAsia (2nd : 2014 : Bali, Indonesia)
School of Physical and Mathematical Sciences
Information security risk management is a fundamental process conducted for the purpose of securing information assets in an organization. It usually involves asset identification and valuation, threat analysis, risk analysis and implementation of countermeasures. A correct asset valuation is a basis for accurate risk analysis, but there is a lack of works describing the valuation process with respect to dependencies among assets. In this work we propose a method for inspecting asset dependencies, based on common security attributes - confidentiality, integrity and availability. Our method should bring more detailed outputs from the risk analysis and therefore make this process more objective.
© 2014 IFIP International Federation for Information Processing