Abstract
A proper asset modeling is essential to develop an information security risk assessment in any corporation. A too complex model will take a long development time and may require parameter values difficult to get. On the contrary, a too simple model will provide inaccurate estimations of risks, although it could be developed fast. One of the characteristic that most influences the complexity of the model is the way to characterize the dependence between assets, generally using a dependency graph. This work evaluates how slight variations in the complexity of the dependency graph affect to estimated risks. To carry out the evaluation, the MAGERIT methodology is used because it can handle graphs of variable complexity and allows qualitative or quantitative asset valuation. Finally, this work provides insights to select a proper complexity for the asset modeling approach used.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
