http://dx.doi.org/10.3745/JIPS.2006.2.2.095

A Practical Security Risk Analysis Process and Tool for Information System  

Chung, Yoon-Jung (Electronics and Telecommunications Research Institute)
Kim, In-Jung (Electronics and Telecommunications Research Institute)
Lee, Do-Hoon (Electronics and Telecommunications Research Institute)
Publication Information
Journal of Information Processing Systems, vol. 2, no. 2, 2006, pp. 95-100
Abstract
Conventional, business-administration-oriented information technology management methods have been applied to the risk analysis of information systems, but no dedicated security risk analysis technique has been used for information protection. Given the rapid spread of information systems and the growing demand for information protection, developing such techniques is vital. This paper therefore proposes a security risk analysis process for information systems. To demonstrate its usefulness, the paper presents the results of managerial, physical and technical security risk analyses derived from investigating and analyzing the conventional information protection items of an information system.
Keywords
Risk Management; Asset; Threats; Vulnerability; Countermeasure
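As an added illustration (not code from the paper, which publishes no formula here), the following Python sketches the asset / threat / vulnerability / countermeasure bookkeeping that a risk analysis of this kind rests on, split into the managerial, physical and technical domains the abstract names. It assumes a conventional qualitative scoring model of the sort found in GMITS-style guides (risk = asset value x threat likelihood x vulnerability level, each on a 1..3 scale, with a countermeasure lowering the level of the vulnerability it addresses); the assets, threats, vulnerabilities, countermeasures, rating bands and acceptance threshold are all constructed sample data, and every function name is mine.

```python
"""Added example (not from the paper): a minimal asset/threat/vulnerability/
countermeasure risk register for the managerial, physical and technical domains.
Scoring (asset value x threat likelihood x vulnerability level, each 1..3) is an
assumed conventional model; all sample data below is constructed."""
from dataclasses import dataclass

DOMAINS = ("managerial", "physical", "technical")

def _scale(n, what):
    """Reject scores outside the assumed 1..3 qualitative scale."""
    if n not in (1, 2, 3):
        raise ValueError(f"{what} must be in 1..3, got {n!r}")
    return n

@dataclass(frozen=True)
class Asset:
    name: str
    value: int  # business value of the asset, 1 (low) .. 3 (high)
    def __post_init__(self):
        _scale(self.value, "asset value")

@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int  # how likely the threat materialises, 1..3
    def __post_init__(self):
        _scale(self.likelihood, "threat likelihood")

@dataclass(frozen=True)
class Vulnerability:
    name: str
    domain: str  # "managerial", "physical" or "technical"
    level: int   # how exposed the asset is through this weakness, 1..3
    def __post_init__(self):
        _scale(self.level, "vulnerability level")
        if self.domain not in DOMAINS:
            raise ValueError(f"unknown domain {self.domain!r}")

@dataclass(frozen=True)
class Countermeasure:
    name: str
    addresses: str   # name of the vulnerability it mitigates
    reduces_to: int  # vulnerability level remaining once applied, 1..3
    def __post_init__(self):
        _scale(self.reduces_to, "residual vulnerability level")

@dataclass(frozen=True)
class RiskItem:
    asset: Asset
    threat: Threat
    vuln: Vulnerability

def risk_score(item, controls=()):
    """Assumed multiplicative score, 1..27.  Countermeasures that address the
    item's vulnerability can only lower its level, never raise it."""
    level = item.vuln.level
    for c in controls:
        if c.addresses == item.vuln.name:
            level = min(level, c.reduces_to)
    return item.asset.value * item.threat.likelihood * level

def risk_rating(score):
    """Coarse rating bands for the 1..27 score (assumed cut-offs)."""
    if score >= 18:
        return "high"
    return "medium" if score >= 8 else "low"

def analyze(items, controls=(), acceptable_below=8):
    """Per-domain summary: worst inherent and residual score, and the items
    whose residual risk still reaches the (assumed) acceptance threshold."""
    summary = {d: {"inherent": 0, "residual": 0, "open": []} for d in DOMAINS}
    for it in items:
        inherent, residual = risk_score(it), risk_score(it, controls)
        s = summary[it.vuln.domain]
        s["inherent"] = max(s["inherent"], inherent)
        s["residual"] = max(s["residual"], residual)
        if residual >= acceptable_below:
            s["open"].append((it.asset.name, it.threat.name, it.vuln.name, residual))
    return summary

# Constructed sample register: one item per domain named in the abstract.
SAMPLE_ITEMS = [
    RiskItem(Asset("customer database", 3), Threat("external intrusion", 3),
             Vulnerability("unpatched web server", "technical", 3)),
    RiskItem(Asset("server room", 2), Threat("unauthorised entry", 2),
             Vulnerability("no door access control", "physical", 2)),
    RiskItem(Asset("HR records", 2), Threat("insider misuse", 2),
             Vulnerability("no written security policy", "managerial", 3)),
]
SAMPLE_CONTROLS = [
    Countermeasure("patch management", "unpatched web server", 1),
    Countermeasure("badge access control", "no door access control", 1),
    Countermeasure("policy and awareness training", "no written security policy", 2),
]

def run_sample():
    return analyze(SAMPLE_ITEMS, SAMPLE_CONTROLS)

if __name__ == "__main__":
    print(run_sample())
```

The point the sample makes is the one the abstract's "countermeasure" keyword implies: applying the controls drops the technical item from 27 to 9 and the managerial item from 12 to 8, but both still sit at the assumed acceptance threshold, so a second round (a stronger control, or a different acceptance level) is needed before those risks can be signed off, while the physical item falls to 4 and is closed.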