Quantification, Optimization and Uncertainty Modeling in Information Security Risks: A Matrix-Based Approach
Sanjay Goel and Eitel J.M. Lauría
Additional contact information
Sanjay Goel: University at Albany, SUNY, USA
Eitel J.M. Lauría: Marist College, USA
Information Resources Management Journal (IRMJ), 2010, vol. 23, issue 2, 33-52
Abstract:
In this paper, the authors present a quantitative model for estimating security risk exposure for a firm. The model includes a formulation for the optimization of controls as well as determining sensitivity of the exposure of assets to different threats. The model uses a series of matrices to organize the data as groups of assets, vulnerabilities, threats, and controls. The matrices are then linked such that data is aggregated in each matrix and cascaded across the other matrices. The computations are reversible and transparent, allowing analysts to answer what-if questions on the data. The exposure formulation is based on the Annualized Loss Expectancy (ALE) model, and uncertainties in the data are captured via Monte Carlo simulation. A mock case study based on a government agency is used to illustrate this methodology.
Date: 2010
Citations: View citations in EconPapers (1)
Downloads: (external link)
http://services.igi-global.com/resolvedoi/resolve. ... 4018/irmj.2010040103 (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:igg:rmj000:v:23:y:2010:i:2:p:33-52
Information Resources Management Journal (IRMJ) is currently edited by George Kelley