Motivation-Based Risk Analysis Process for IT Systems

Abstract: Information security management is one of the most important issues to be resolved. The key element of this process is risk analysis. The standards (ISO/IEC 27000, ISO/IEC 31000) are based on the complex and time-consuming process of defining vulnerabilities and threats for all of an organisation's assets. In this article we present a new approach to analysing the risk of an attack on information systems. We focus on the human factor, motivation, and show its relation to hacker profiles as well as impacts. First we introduce a new model of motivation-based risk analysis. Then we describe a case study illustrating our approach for a simple set of organisation processes.
Document type: Conference papers

Cited literature: 11 references

https://hal.inria.fr/hal-01397337
Contributor: Hal Ifip
Submitted on: Tuesday, November 15, 2016 - 4:53:29 PM
Last modification on: Tuesday, November 15, 2016 - 5:04:53 PM
Long-term archiving on: Thursday, March 16, 2017 - 5:25:00 PM

File

978-3-642-55032-4_45_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Agata Niescieruk, Bogdan Ksiezopolski. Motivation-Based Risk Analysis Process for IT Systems. 2nd Information and Communication Technology - EurAsia Conference (ICT-EurAsia), Apr 2014, Bali, Indonesia. pp.446-455, ⟨10.1007/978-3-642-55032-4_45⟩. ⟨hal-01397337⟩
