Asset Valuation Method for Dependent Entities
Date of Issue2014
School of Physical and Mathematical Sciences
Asset analysis and valuation are important parts of the information security risk management. Outputs they produce are used in the process of risk analysis that plays a key role in securing organi-zation's business processes. A correct analysis and valuation of assets should reveal not only their importance for the organization, but also their relationships and dependencies between each other. There is a lack of works considering asset dependencies for the risk management purposes, this part is usually left for a subjective perception of a risk analyst, who should adjust the risk values in the end. In our work we propose a systematic approach for including asset dependencies in the asset valuation process. We inspect the relations between assets from the common security attributes point of view-confidentiality, integrity and availability. Our method should help to formalize the problem with dependent entities in the organization's model.
information security risk management
Journal of Internet Services and Information Security
© 2014 The Author(s). This is the author created version of a work that has been peer reviewed and accepted for publication in Journal of Internet Services and Information Security, published by Innovative Information Science & Technology Research Group (ISYOU) AND Institute of Engineering - Polytechnic of Porto (ISEP/IPP) on behalf of The Author(s). It incorporates referee’s comments but changes resulting from the publishing process, such as copyediting, structural formatting, may not be reflected in this document. The published version is available at: [http://isyou.info/jisis/vol4/no3/5.htm].