Information Security Risk Analysis: A Matrix-Based Approach
Abstract
This paper presents an information security risk analysis methodology that links the assets, vulnerabilities, threats and controls of an organization. The approach uses a sequence of matrices that correlate the different elements in the risk analysis. The data is aggregated and cascaded across the matrices to correlate the assets with the controls, such that a prioritized ranking of the controls based on the assets of the organization is obtained. The approach does not obfuscate the intermediate data in the analysis, thereby providing transparency to the risk analysis process and allowing rationalization of the data. This approach allows organizations to start with sparse, low-fidelity data, and the analysis can be gradually refined as additional (and high-quality) data is collected over time. A sample case study based on a study at a NY State agency is presented. This methodology was applied at General Electric and some preliminary results of the case study are presented in this paper.