A Formal Approach for Secured Risk Assessment
摘要
Information security management is a managerial activity that keeps the information security risk of an enterprise at some acceptable level. The process requires risk assessment iterations and non-trivial resources. At the same time, business executives compete for finite resources to invest in general business activities. The executives are motivated to intentionally reduce the resource assignment for risk assessmentRisk assessment to broaden the estimated risk variance and then choose the lower limit to underestimate the actual risks. This study proposes a model-based risk assessment approach; it guarantees that an additional, thus expected to be costly, fine-grained risk assessment always gives a refined subset of the possible incidents compared to that of the relatively coarse-grained, therefore cheaper, risk assessment. In other words, estimated incidents roughly decrease with the growth of assessment cost. We expect this property to secure the risk management process from conflicts between the business executives and the security practitioners. Our approach introduces the concept named aggregation and segregation of facts appearing in attack graph analysis, a prominent approach in model-based network security risk analysis. This study contributes to expanding the attack graph analysis to enable secured risk assessment.