http://dx.doi.org/10.13089/JKIISC.2008.18.4.135

A Study on Risk Analysis Method Using Case-Based Reasoning

Lee, Hyeak-Ro (Korea Institute of Science and Technology Information, Sungkyunkwan University)
Ahn, Seong-Jin (Sungkyunkwan University)
Abstract
The growing risk of cyber infringement and hacking is one of the latest hot issues. To address the problem, research on Security Risk Analysis, one of the information security techniques, has been active. However, a Security Risk Analysis evaluation carries many burdens: evaluation cost, a long performance period, delays to participants' work, countermeasure cost, security management cost, etc. In addition, pre-existing methods have addressed only the analysis standard and the analysis method, even though the scale of an evaluation is so large that it resembles a project. The analysis method also has no option but to include assessors' subjective opinions, because qualitative and quantitative methods are used together. Consequently, in this paper we propose a Security Risk Analysis methodology that manages the quantitative evaluation as a project and uses a Case-Based Reasoning algorithm to define the performance period and to select participants.
Keywords
Security Risk Analysis; Analyzing Method; Case-Based Reasoning Algorithm