Abstract
Risk evaluation is the core process of information security risk management. An effective risk evaluation can protect organizations and maintain their abilities to carry out missions and activities against threats as well as helping to implement controls and safeguards that are actually needed. While the traditional information security risk evaluation approaches are lack of granular analysis and clear expression of security characteristics of risk, such as the possibility, attack path, and business impact. This paper presents the scenario-based information security risk evaluation method, based on the thought of Advanced Persistent Threat (APT) attack, by constructing risk scenario, evaluate information system security risk status. The separation analysis of the technical impact and business impact contribute to the technicians and business decision makers to grasp system risk status from their respective responsibilities. In the end of the paper, we propose a practical risk scenario construction example, which provides scientific and effective guidance for the preparation of a risk evaluation report.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Security and Its Applications
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
