期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2014
卷号:8
期号:6
页码:81-88
DOI:10.14257/ijsia.2014.8.6.08
出版社:SERSC
摘要:The current information security risk evaluation methods are only concerned with the risk of system components, rarely based on business risk perspective. Thus, it is difficult to meet different levels of information security risk comprehension such as the operational staff and the organization's manager. This paper proposes a hierarchical risk evaluation method based on asset dependence chain to quantify the hierarchical risk, the information systems security risks are divided into three levels: the component level, system level and organizational level. By analyzing the assets dependence in three levels, a "business systems-information systems-system components" assets dependence chain is formed. In the end, a hierarchical risk calculation method is presented. The risk analysis result can reflect the level of security risk evaluation needs more comprehensively and objectively.
