CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

A Cause and Effect Approach Towards Risk Analysis

Laleh Pirzadeh (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) ) ; Erland Jonsson (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) )
International workshop on Security Measurements and Metrics - MetriSec2011, Banff, Alberta, Canada, 2011-09-21 p. 80-83. (2011)
[Konferensbidrag, refereegranskat]

Risk analysis is critical for IT systems and for organizations and their daily operation. There are various tools and methods to analyse risk. Most approaches take risk assessment as a result of specific factors (such as threats and vulnerabilities) without investigating the impact of various types of system operation. Therefore, we suggest a causal approach toward risk analysis based on an existing security model. We start out from a current risk analysis method and improve it by taking the system operation, causal relation between the impairments, as well as latency effects into account. The approach exhibits the impact of the attack chain of impairments on system risk. We claim that the approach presented in this paper will make it possible to conduct a more refined quantitative assessment of risk.

Nyckelord: security model; risk analysis; causal chain of impairments; metrics; security planning; system operation



Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2011-11-30. Senast ändrad 2012-04-19.
CPL Pubid: 149330

 

Läs direkt!

Lokal fulltext (fritt tillgänglig)

Länk till annan sajt (kan kräva inloggning)