Asset Valuation Method for Dependent Entities
Asset analysis and valuation are important parts of the information security risk management. Outputs they produce are used in the process of risk analysis that plays a key role in securing organi-zation's business processes. A correct analysis and valuation of assets should reveal not only the...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2017
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/83343 http://hdl.handle.net/10220/42540 http://isyou.info/jisis/vol4/no3/5.htm |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | Asset analysis and valuation are important parts of the information security risk management. Outputs they produce are used in the process of risk analysis that plays a key role in securing organi-zation's business processes. A correct analysis and valuation of assets should reveal not only their importance for the organization, but also their relationships and dependencies between each other. There is a lack of works considering asset dependencies for the risk management purposes, this part is usually left for a subjective perception of a risk analyst, who should adjust the risk values in the end. In our work we propose a systematic approach for including asset dependencies in the asset valuation process. We inspect the relations between assets from the common security attributes point of view-confidentiality, integrity and availability. Our method should help to formalize the problem with dependent entities in the organization's model. |
|---|