|
Asset Valuation Method for Dependent
Entities Physical Analysis and Cryptographic
Engineering, Temasek Laboratories@NTU School of Physical and Mathematical
Sciences, Division of Mathematical Sciences, Nanyang Technological
University, Singapore jbreier@ntu.edu.sg Abstract Asset analysis and valuation are important parts of
the information security risk management. Outputs they produce are used in
the process of risk analysis that plays a key role in securing organization’s
business processes. A correct analysis and valuation of assets should reveal
not only their importance for the organization, but also their relationships
and dependencies between each other. There is a lack of works considering
asset dependencies for the risk management purposes, this part is usually
left for a subjective perception of a risk analyst, who should adjust the
risk values in the end. In our work we propose a systematic approach for
including asset dependencies in the asset valuation process. We inspect the
relations between assets from the common security attributes point of view - confidentiality,
integrity and availability. Our method should help to formalize the problem with
dependent entities in the organization’s model. Journal of Internet Services and Information Security (JISIS), 4(3): 72-81, August 2014 [pdf] |