Title: A risk assessment model for information security

Authors: June Wei, Lai C. Liu, Kai S. Koong, Yi Li

Addresses: Department of Management/MIS, College of Business, University of West Florida, 11000 University Parkway, Pensacola, FL 32514, USA; Department of Computer Information Systems and Quantitative Methods, College of Business Administration, University of Texas Pan American, 1201 West University Drive, Edinburg, TX 78539, USA; Department of Computer Information Systems and Quantitative Methods, College of Business Administration, University of Texas Pan American, 1201 West University Drive, Edinburg, TX 78539, USA; E-Security Consultant Company, Washington, DC, USA

Abstract: This paper aims at studying information attacks and related financial losses by assessing risks from these attacks. Firstly, a computational model on risk assessment is developed. A comparison study of information attacks in the USA and the UK is then conducted based on this model. Secondly, risk assessment is performed on attacks on the information systems and resulting financial losses in the USA based on growth indices and growth rates of risk assessments. Finally, correlation analysis is conducted to analyse relationships between attacks and financial losses in the USA. The study will help people to understand better how severe the current threat to computer information systems is and which attack types cause more financial losses. The developed computational model can be used to assess risks for different attack types, and gauge relative risks introduced by each attack.

Keywords: information attacks; risk assessment; financial losses; information security; computational models; comparison studies; United States; USA; United Kingdom; UK; information systems; growth indices; ICT; information technology; communications technology; growth rates; correlation analysis; relationship analysis; threats; computer networks; attack types; telecommunications; relative risks; service denial; laptops; theft; telecom fraud; unauthorised access; viruses; financial fraud; insider abuse; net access; internet; world wide web; system penetration; sabotage; proprietary information; business; systems research.

DOI: 10.1504/IJBSR.2011.038800

International Journal of Business and Systems Research, 2011 Vol.5 No.2, pp.158 - 171

Published online: 17 Apr 2015
