Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements
Sandip C. Patel, James H. Graham and Patricia A.S. Ralston
International Journal of Information Management, 2008, vol. 28, issue 6, 483-491
Abstract:
This paper proposes a new approach for assessing the organization's vulnerability to information-security breaches. Although much research has been done on qualitative approaches, the literature on numerical approaches to quantify information-security risk is scarce. This paper suggests a method to quantify risk in terms of a numeric value or “degree of cybersecurity”. To help quantitatively measure the level of cybersecurity for a computer-based information system, we present two indices, the threat-impact index and the cyber-vulnerability index, based on vulnerability trees. By calculating and comparing the indices for various possible security enhancements, managers can select the best security enhancement choice, prioritize the choices by their relative effectiveness, and statistically justify spending resources on the selected choice. By qualifying information security quantitatively, the method can also help managers establish a specific target of security level that they can track.
Keywords: Information security; Risk analysis; Information-security measurement; Security threats; Vulnerability measurement
Date: 2008
Citations: View citations in EconPapers (6)
Downloads: (external link)
http://www.sciencedirect.com/science/article/pii/S0268401208000054
Full text for ScienceDirect subscribers only
Persistent link: https://EconPapers.repec.org/RePEc:eee:ininma:v:28:y:2008:i:6:p:483-491
DOI: 10.1016/j.ijinfomgt.2008.01.009
International Journal of Information Management is currently edited by Yogesh K. Dwivedi
Bibliographic data for series maintained by Catherine Liu.