Attack tree based information security risk assessment method integrating enterprise objectives with vulnerabilities
Joint Authors
Source
The International Arab Journal of Information Technology
Issue
Vol. 10, Issue 3 (31 May. 2013)8 p.
Publisher
Publication Date
2013-05-31
Country of Publication
Jordan
No. of Pages
8
Main Subjects
Topics
Abstract EN
In order to perform the analysis and mitigation efforts related with the Information Security risks there exists quantitative and qualitative approaches, but the most critical shortcoming of these methods is the fact that the outcome mainly addresses the needs and priorities of the technical community rather than the management.
For the enterprise management, this information is essentially required as a decision making aid for the asset allocation and the prioritization of mitigation efforts.
So ideally the outcome of an information security risk method must be in synchronization with the enterprise objectives to act as a useful decision tool for the management.
Also in the modelling of the threat domain, attack trees are frequently utilized.
However the execution of attack tree modelling is costly from the effort and timing requirements and also has inherent scalability issues.
So within this article our design-science research based work on an information security risk assessment method that addresses these two issues of enterprise objective inclusion and model scalability will be outlined.
American Psychological Association (APA)
Karabey, Bugra& Baykal, Nazife. 2013. Attack tree based information security risk assessment method integrating enterprise objectives with vulnerabilities. The International Arab Journal of Information Technology،Vol. 10, no. 3.
https://search.emarefa.net/detail/BIM-311920
Modern Language Association (MLA)
Karabey, Bugra& Baykal, Nazife. Attack tree based information security risk assessment method integrating enterprise objectives with vulnerabilities. The International Arab Journal of Information Technology Vol. 10, no. 3 (May. 2013).
https://search.emarefa.net/detail/BIM-311920
American Medical Association (AMA)
Karabey, Bugra& Baykal, Nazife. Attack tree based information security risk assessment method integrating enterprise objectives with vulnerabilities. The International Arab Journal of Information Technology. 2013. Vol. 10, no. 3.
https://search.emarefa.net/detail/BIM-311920
Data Type
Journal Articles
Language
English
Notes
Includes bibliographical references.
Record ID
BIM-311920