标题：Dynamic Assessment and VaR-based Quantification of Information Security Risk
作者：Qi, Wenjing; Liu, Xue; Zhang, Jian; Yuan, Weihua
作者机构：[Qi, Wenjing; Zhang, Jian; Yuan, Weihua] Shandong Jianzhu Univ, Sch Comp Sci & Technol, Jinan, Peoples R China.; [Liu, Xue] Shandong Coll Elect Tech 更多
会议名称：2nd International Conference on E-Business and Information System Security (EBISS)
会议日期：MAY 22-23, 2010
来源：2010 2ND INTERNATIONAL CONFERENCE ON E-BUSINESS AND INFORMATION SYSTEM SECURITY (EBISS 2010)
关键词：security risk; dynamic risk assessment; risk quantification;; Value-at-Risk
摘要：Risk assessment and quantification is crucial to the effectiveness of information security measure deployed in an organization. A dynamic risk assessment process is presented in this paper to cope with the variation and diversity of threats in the information system. To give a clear perspective of the information risk without confusing by the complexity of so many risk factors, an risk quantification model and a VaR-based risk measure are presented, through which, risk can be represented by the prospective maximum daily loss under certain confidence level. We test our risk quantification model and measure in a real network environment.