期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2014
卷号:8
期号:3
页码:193-208
DOI:10.14257/ijsia.2014.8.3.21
出版社:SERSC
摘要:This paper provides a series of work on risk management models to identify the assets and risks. The goal of modeling them is to analyze and calculate meaning of the level of security in the cyber world. Analyzing and calculating was done by the quantitative method, so that the investment decision in security tools were expected to be objective, which were based on performance and situational experiences in an organization. Risk management was then associated with the calculation of costs that may occur with the point of view of the financial aspects of ROI/CBA, such as NPV, IRR, and ROI, so it can be measured in the level of security of the organization and can be maintained within a certain period. Our model consisted sixteen formulas that can show the increasing level of security based on the cost.
关键词:Risk Management; Network Security; Security Level; Risk Assessment; Asset ; Identification; and CIA
