Enterprise Software

Analysis of Information Security Problem by Probabilistic Risk Assessment

Date Added: Aug 2009
Format: PDF

The information security risk assessment is investigated from perspectives of most advanced Probabilistic Risk Assessment (PRA) for nuclear power plants. Accident scenario enumeration by initiating events, mitigation systems and event trees are first described and demonstrated. Assets, confidentiality, integrity, availability, threats, vulnerabilities, impacts, likelihoods, and safeguards are reformulated by the PRA. Two illustrative examples are given: network access attacker and physical access attacker. Defenseless time spans and their frequencies are introduced to cope with non-rare initiating events of information security problems. A common event tree structure may apply to variety of security problems, thus facilitating the risk assessment.