Method and tool for information security assessment that integrates enterprise objectives with vulnerabilities

2009-6-29
Karabey, Buğra
Baykal, Nazife
In one aspect, a method to assess information security vulnerability of an enterprise includes storing enterprise objectives in a computer system; storing enterprise resources determined using a value criterion, a rareness criterion, an inimitability criterion and a non-substitutability criterion in the computer system; and storing enterprise information assets in the computer system. The method also includes mapping the enterprise objectives with the enterprise resources and mapping the enterprise information assets with the enterprise resources. The method further includes determining a threat analysis using an attack tree using the enterprise resources and the information assets and determining a risk value using the attack tree.
Citation Formats
B. Karabey and N. Baykal, “Method and tool for information security assessment that integrates enterprise objectives with vulnerabilities,” 00, 2009.