COMPETITIVE APPROACH TO INFORMATION SYSTEM RISK ANALYSES

DOI: https://doi.org/10.7494/csci.2004.6.5.37

Keywords: IT system risk analyses, competitive methods

Abstract
This article presents a method of IT risk assessment from the human-behaviour perspective, developed by the author. It is an alternative to the commonly used approaches to risk assessment, which are based on identifying vulnerabilities and threats and estimating the probability of their occurrence. The author's method brings into the risk calculation factors such as administrators' or users' skills, the attacker's knowledge and determination, or the attack method used. The key element of the proposed competitive method of risk analysis is a mathematical formula that allows the risk level to be quantified.