CFP last date
20 January 2025
Reseach Article

Information Security Risk Assessment — A Practical Approach with a Mathematical Formulation of Risk

by Mohamed Ghazouani, Sophia Faris, Hicham Medromi, Adil Sayouti
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 103 - Number 8
Year of Publication: 2014
Authors: Mohamed Ghazouani, Sophia Faris, Hicham Medromi, Adil Sayouti
10.5120/18097-9155

Mohamed Ghazouani, Sophia Faris, Hicham Medromi, Adil Sayouti . Information Security Risk Assessment — A Practical Approach with a Mathematical Formulation of Risk. International Journal of Computer Applications. 103, 8 ( October 2014), 36-42. DOI=10.5120/18097-9155

@article{ 10.5120/18097-9155,
author = { Mohamed Ghazouani, Sophia Faris, Hicham Medromi, Adil Sayouti },
title = { Information Security Risk Assessment — A Practical Approach with a Mathematical Formulation of Risk },
journal = { International Journal of Computer Applications },
issue_date = { October 2014 },
volume = { 103 },
number = { 8 },
month = { October },
year = { 2014 },
issn = { 0975-8887 },
pages = { 36-42 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume103/number8/18097-9155/ },
doi = { 10.5120/18097-9155 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:34:03.752137+05:30
%A Mohamed Ghazouani
%A Sophia Faris
%A Hicham Medromi
%A Adil Sayouti
%T Information Security Risk Assessment — A Practical Approach with a Mathematical Formulation of Risk
%J International Journal of Computer Applications
%@ 0975-8887
%V 103
%N 8
%P 36-42
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Risk management methodologies, such as Mehari, Ebios, CRAMM and SP 800-30 (NIST) use a common step based on threat, vulnerability and probability witch are typically evaluated intuitively using verbal hazard scales such as low, medium, high. Because of their subjectivity, these categories are extremely difficult to assign to threats, vulnerabilities and probability, or indeed, to interpret with any degree of confidence. The purpose of the paper is to propose a mathematical formulation of risk by using a lower level of granularity of its elements: threat, probability, criteria used to determine an asset's value, exposure, frequency and existing protection measure.

References
  1. By Jake Kouns and Daniel Minoli 2010. ISBN:9780471762546. Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams
  2. MARGERIT – Version 2: Methodology for Information Systems Risk Analysis and Management. Book I – The Method, Published by MINISTERIO DE ADMINISTRACIONES PU´ BLICAS, Madrid, 20 June 2006 (v 1. 1), NIPO: 326-06-004-8.
  3. By E. Andreas, F. Stefan, N. Thomas : AURUM : A Framework for Information Security Risk Management. Hawaii International Conference on System Sciences – 2009.
  4. By K. Hemanth, B. Sofiene, A. Logrippo : A framework for risk assessment in access control systems. computers & security 39 ( 2013 ) 86 – 103
  5. M. Raydel, F. Stefan : Automation Possibilities in Information Security Management. 2011 European Intelligence and Security Informatics Conference. 259-262.
  6. S. Mohamed, A. Abdulkader : A new comprehensive framework for enterprise information security risk management. Applied Computing and Informatics. 2011. 107-118.
  7. S. Palaniappan, A. Rabiah, Y. Mariana : A conceptual framework of info structure for information security risk assessment (ISRA). Journal of Information Security and Applications. 2013. 45-52.
  8. By Jake Kouns and Daniel Minoli 2010. ISBN: 9780471762546. Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams.
  9. Information technology—Security techniques— Information security risk management. INTERNATIONAL STANDARD ISO/IEC 27005 First edition 2008-06-15.
  10. Mark Ryan M. Talabis and Jason L. Martin 2013. ISBN:9781597497350. Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis
  11. Prentice Hall; 3 edition, 2009. Stuart J. Russell and Peter Norvig, "Artificial Intelligence: a Modern Approach".
  12. Roxanne E. Burkey and Charles V. Breakfield (eds. ) 2001. Designing a Total Data Solution: Technology, Implementation, and Deployment. ISBN:9780849308932
  13. Automating System Security Audits. ISACA Journal, volume 1, 2004.
  14. "Autonomous and Intelligent Mobile Systems based on Multi-Agent Systems" Auteurs: A. Sayouti and H. Medromi. Book Chapter in the book "Multi-Agent Systems - Modeling, Control, Programming, Simulations and Applications", ISBN 978-953-307-174-9, InTech, April 4, 2011.
Index Terms

Computer Science
Information Sciences

Keywords

ISO27005 MEHARI EBIOS SP800-30 (Nist) CRAMM.