Summary

APNOMS (Asia-Pacific Network Operations and Management Symposium)

2013

Session Number:P3

Number:P3-10

A risk recommendation approach for information security risk assessment

Ya-chi Chu, Yu-Chih Wei, Wen-Hsuan Chang

Publication Date:2013/09/25

Online ISSN:2188-5079

DOI:10.34385/proc.17.P3-10

Summary:
Information security has become a critical issue in protecting the benefits of business operations. Many organizations introduce security risk management to ensure the security of their business processes. However, during risk assessment it is difficult and time-consuming to identify the threats and vulnerabilities for each asset. Furthermore, if the identified results diverge from the real situation, the organization may implement unnecessary controls to prevent nonexistent risks. To resolve these problems, we adopt a data mining approach to find the relationship between assets and threat-vulnerability pairs. We then propose a recommendation scheme to assist users in identifying threats and vulnerabilities. The experimental results show that our recommendation mechanism can improve the efficiency and accuracy of risk assessment.