Attack Tree Based Information Security Risk Assessment Method Integrating Enterprise Objectives with Vulnerabilities

2013-05-01
Karabey, Bugra
Baykal, Nazife
Quantitative and qualitative approaches exist for analysing and mitigating information security risks, but their most critical shortcoming is that the outcome mainly addresses the needs and priorities of the technical community rather than those of management. Enterprise management needs this information as a decision-making aid for asset allocation and for prioritising mitigation efforts, so ideally the outcome of an information security risk method is aligned with the enterprise objectives, letting it serve as a useful decision tool for management. Attack trees are also frequently used to model the threat domain; however, attack tree modelling is costly in effort and time and has inherent scalability issues. This article therefore outlines our design-science research on an information security risk assessment method that addresses these two issues: inclusion of enterprise objectives and model scalability.
INTERNATIONAL ARAB JOURNAL OF INFORMATION TECHNOLOGY
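The abstract only names the two ingredients, attack trees for the threat domain and enterprise objectives as the yardstick for prioritising mitigations. The following is an added example, not the authors' method or code from the paper: it scores a small attack tree with the standard AND/OR probability rules, converts the root-goal probability into an expected loss per enterprise objective, and ranks leaf mitigations by how much objective-weighted risk each removes. The tree, the leaf probabilities, the objective names and the loss figures are all constructed for illustration; the treatment of child steps as independent events is the usual simplifying assumption of attack-tree arithmetic, not something the paper states.

```python
"""Attack-tree risk scoring weighted by enterprise objectives (illustrative example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union
import math


@dataclass
class Leaf:
    """An atomic attack step with an estimated success probability."""
    name: str
    p: float


@dataclass
class Gate:
    """An AND/OR node combining child steps."""
    name: str
    kind: str                 # "AND" or "OR"
    children: List["Node"]


Node = Union[Leaf, Gate]


def success_probability(node: Node, overrides: Optional[Dict[str, float]] = None) -> float:
    """Probability that the attacker reaches `node`.

    AND: every child must succeed (product of child probabilities).
    OR:  any child suffices (1 - product of child failure probabilities).
    `overrides` maps a leaf name to a replacement probability, so the effect
    of a mitigation can be modelled without rebuilding the tree.
    Child steps are assumed independent (standard simplification).
    """
    overrides = overrides or {}
    if isinstance(node, Leaf):
        return overrides.get(node.name, node.p)
    ps = [success_probability(c, overrides) for c in node.children]
    if node.kind == "AND":
        return math.prod(ps)
    if node.kind == "OR":
        return 1.0 - math.prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def objective_risk(tree: Node, impacts: Dict[str, float],
                   overrides: Optional[Dict[str, float]] = None) -> Dict[str, float]:
    """Expected loss per enterprise objective = P(root goal) * loss to that objective."""
    p_root = success_probability(tree, overrides)
    return {obj: p_root * loss for obj, loss in impacts.items()}


def leaves(node: Node) -> List[Leaf]:
    """All leaf steps of the tree, in depth-first order."""
    if isinstance(node, Leaf):
        return [node]
    return [leaf for c in node.children for leaf in leaves(c)]


def rank_mitigations(tree: Node, impacts: Dict[str, float]) -> List[Tuple[str, float]]:
    """Rank leaves by the total objective-weighted risk removed if that single
    step were fully mitigated (its success probability driven to 0)."""
    base = sum(objective_risk(tree, impacts).values())
    gains = []
    for leaf in leaves(tree):
        after = sum(objective_risk(tree, impacts, {leaf.name: 0.0}).values())
        gains.append((leaf.name, base - after))
    return sorted(gains, key=lambda g: g[1], reverse=True)


# Constructed sample tree and figures (hypothetical, not taken from the paper).
TREE = Gate("Exfiltrate customer database", "OR", [
    Gate("Abuse stolen admin credentials", "AND", [
        Leaf("Phish an administrator", 0.30),
        Leaf("Admin portal lacks MFA", 0.80),
    ]),
    Leaf("Exploit SQL injection in web app", 0.10),
])

# Loss (arbitrary money units) to each enterprise objective if the root goal succeeds.
IMPACTS = {"Regulatory compliance": 100.0, "Customer trust": 80.0}


if __name__ == "__main__":
    print(f"P(root goal) = {success_probability(TREE):.3f}")
    for obj, r in objective_risk(TREE, IMPACTS).items():
        print(f"  {obj}: expected loss {r:.2f}")
    for name, gain in rank_mitigations(TREE, IMPACTS):
        print(f"mitigate '{name}': removes {gain:.2f} of expected loss")
```

On this input the AND branch evaluates to 0.24 and the root to 0.316, so the expected loss is 31.6 against compliance and 25.28 against customer trust. Killing either step of the AND branch removes the whole 38.88 that branch contributes, while fixing the injection alone removes only 13.68, which is the kind of objective-denominated ordering the abstract argues management needs rather than a list of CVSS scores.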

Citation Formats
B. Karabey and N. Baykal, “Attack Tree Based Information Security Risk Assessment Method Integrating Enterprise Objectives with Vulnerabilities,” INTERNATIONAL ARAB JOURNAL OF INFORMATION TECHNOLOGY, pp. 297–304, 2013, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/52819.