Title: A new assessment and improvement model of risk propagation in information security

Authors: Suleyman Kondakci

Addresses: Faculty of Computer Sciences, Izmir University of Economics, Sakarya Cad. No. 156, 035330 Balcova-Izmir, Turkey

Abstract: This paper presents an analysis of fault propagation in information security solutions. It presents a unique and efficient approach to security assessment that can be useful for security planners, evaluators, managers, and IT owners to discover and correct weaknesses at any stage of security planning processes. Intuition and qualitative approaches are not adequate to guide accurate risk analysis in information security. In this paper, we present a rather formalised preventive approach to guide risk management quantitatively. The quantitative approach determines the propagation of design faults by use of a probabilistic method supported by a scoring scheme.

Keywords: risk assessment; knowledge management; policy management; security risks; risk propagation; human factors; information security; computer security; fault propagation; security planning; risk management.

DOI: 10.1504/IJICS.2007.013959

International Journal of Information and Computer Security, 2007 Vol. 1 No. 3, pp. 341-366

Published online: 05 Jun 2007
