A business oriented risk assessment model

CORC > 北京大学 > 信息科学技术学院

	A business oriented risk assessment model
	Li, Bin ; Xie, Feng ; Chen, Zhong
刊名	jisuanji yanjiu yu fazhancomputer research and development
	2011
英文摘要	Traditional information security risk assessment emphasizes the loss of asset, but ignores the effect of the risk on business. This paper proposes a business oriented risk assessment model BoRAM. On the basis of the business security requirements, the proposed model introduces three basic security goals (i. e. confidentiality, integrity and availability) into the process of the risk assessment, and further measures the risk according to the effect on business process. In the proposed model, the asset is not only severed as a basic evaluation element as same as the role in the traditional risk assessment models, but also is served as the support of the business. The risk of the asset, the risk of the business process, and the risk of the business are analyzed hierarchically. In order to measure these risks, all the risk elements are generalized and analyzed by attribute-oriented induction (AOI) as well as cluster algorithm. Furthermore, the Markov model is also introduced into the business to describe the transfer between business processes. Finally, the model is experimented in a typical Internet-bank business. Theoretical analysis and experimental results show that the proposed model can evaluate the business risk instead of traditional asset risk on the basis of confidentiality, integrity and availability of business, which is just the goal of the business security requirements.; EI; 0; 9; 1634-1642; 48
语种	英语
内容类型	期刊论文
源URL	[http://ir.pku.edu.cn/handle/20.500.11897/412020]
专题	信息科学技术学院
推荐引用方式 GB/T 7714	Li, Bin,Xie, Feng,Chen, Zhong. A business oriented risk assessment model[J]. jisuanji yanjiu yu fazhancomputer research and development,2011.
APA	Li, Bin,Xie, Feng,&Chen, Zhong.(2011).A business oriented risk assessment model.jisuanji yanjiu yu fazhancomputer research and development.
MLA	Li, Bin,et al."A business oriented risk assessment model".jisuanji yanjiu yu fazhancomputer research and development (2011).