Viewpoint of ISO GMITS and Probabilistic Risk Assessment in Information Security

Viewing the previous studies on the quantification of information security risks, one of the most popular tools is ISO GMITS, which quantifies the risk of information asset on the whole based on the scores of information asset, threat, and vulnerability. However, in her previous study, the author maintained that "Probabilistic risk assessment" (here after abbreviated as PRA), which has been traditionally employed in assessing the risk of physical systems such as a nuclear reactor and a chemical plant, is superior to GMITS in the ability of generating the scenario of hazard occurrence, and so on.