In Jung Kim , Young Gyo Lee , Yoon Jung Chung , Dong Ho Won

The KIPS Transactions:PartC, Vol. 12, No. 7, pp. 989-998, Dec. 2005
10.3745/KIPSTC.2005.12.7.989,   PDF Download:

Abstract

Information systems are today becoming larger and mostly broadband-networked. This exposes them at a higher risk of intrusions and hacking than ever before. Of the technologies developed to meet information system securityneeds, risj abalysis is currently one of the most actively researched areas. Meanwhile, due to the extreme diversity of assets and complexity of network structure, there is a limit to the level of accuracy which can be achieved by an analysis tool in the assessment of risk run by ab information system. Also, the results of a risk assessment are most oftennot up-to-date due to the changing nature of security threats. By the time an evaluation and associated set of solutions are ready, the nature and level of vulnerabilities and threats have evelved and increased, making them obsolete. Accordingly, what is needed is a risk analysis tool capable of assesing threats and propagation of damage, at the same time as security solutions are being identified. To do that, the information system must be simplefied, and intrusion data must be diagrammed, using a modeling technique. int this paper, we propose a modeling techniquefor information systems to enable security risk analysis, using SPICE and Petri-net, and conduct simulations of risk analysis on a number of case studies.,

Statistics
Cite this article