Value at Risk: A methodology for Information Security Risk Assessment.

Jeevan Jaisingh and Jackie Rees
Krannert Graduate School of Management
Purdue University
West Lafayette, IN, 47907

Abstract

This paper presents Value at Risk (VAR), a new methodology for Information Security Risk Assessment. VAR summarizes the worst loss due to a security breach over a target horizon, with a given level of confidence. More formally, VAR describes the quantile of the projected distribution of losses over a given time period. Most of the tools that are used for ISEC risk assessment are qualitative in nature and are not grounded in theory. VAR is a useful tool in the hands of an ISEC expert as it provides a theoretically based, quantitative measure of information security risk. Using this measure of risk, the best possible balance between risk and cost of providing security can be achieved. Most organizations, especially those heavily invested in eBusiness, already have determined the acceptable level of risk. The dollar amount of this risk is then computed. When the total VAR of an organization exceeds this amount, the organization is alerted to the fact that an increased security investment is required.

I. Introduction

Information Security (ISEC) is an important function in organizations and several authors (Finne 1997; Bhimani 1996) have pointed out that breaches in ISEC can bring significant economic losses. The importance of providing an infrastructure for secure transactions for Electronic commerce has been emphasized in the security literature (Bequai 2000; Bhimani 1996). Information systems have long been at risk from malicious actions, inadvertent user error, natural disasters and other unforeseen adverse events. In recent years, systems have become more susceptible to these threats due to the increasing interconnectivity of computer networks and, thus, more interdependent and accessible to a large number of individuals. Internet-based fraud is a growing global problem according to a recent survey. According to the survey, 83% of the merchants surveyed who sell goods online acknowledged that the threat of fraud is a serious problem (Bequai 2000). The consequences of losing sensitive information can be catastrophic. Media hyped reports of the “Bubble Boy” virus and frequent network failure of eCommerce sites like E*Trade may se
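
The quantile definition and the threshold alert described in the abstract can be made concrete with a short simulation. This is an added example, not code or a model from the paper: the loss model (Poisson breach count per horizon, lognormal loss per breach), every parameter value and all function names are assumptions chosen for illustration.

```python
import math
import random

def simulate_losses(rate, mu, sigma, trials, seed=1):
    """Simulate total breach loss per horizon (assumed model, not the paper's).

    rate: expected number of breaches in one horizon (Poisson).
    mu, sigma: parameters of the lognormal loss per breach, in dollars.
    """
    rng = random.Random(seed)
    totals = []
    for _ in range(trials):
        # Poisson count: number of exponential inter-arrival times
        # that fit inside one horizon of length 1.
        count, t = 0, rng.expovariate(rate)
        while t < 1.0:
            count += 1
            t += rng.expovariate(rate)
        totals.append(sum(rng.lognormvariate(mu, sigma) for _ in range(count)))
    return totals

def value_at_risk(losses, confidence):
    """Smallest loss L such that at least `confidence` of outcomes are <= L."""
    if not losses:
        raise ValueError("no loss samples")
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be in (0, 1)")
    ordered = sorted(losses)
    index = math.ceil(confidence * len(ordered)) - 1
    return ordered[max(index, 0)]

def needs_more_investment(var, acceptable_risk):
    """Alert from the abstract: VAR exceeds the accepted dollar amount."""
    return var > acceptable_risk

if __name__ == "__main__":
    # Constructed parameters: 2 breaches per horizon on average,
    # median loss per breach of $50,000, acceptable risk of $500,000.
    losses = simulate_losses(rate=2.0, mu=math.log(50_000), sigma=1.0, trials=20_000)
    for conf in (0.95, 0.99):
        var = value_at_risk(losses, conf)
        alert = needs_more_investment(var, 500_000)
        print(f"{conf:.0%} VAR: ${var:,.0f}  alert: {alert}")
```

Raising the confidence level moves the quantile further into the tail of the loss distribution, so the same organization can pass the threshold check at 95% and fail it at 99%.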