The Information Security Risk Estimation Engine: A Tool for Possibility Based Risk Assessment
Access Status
Authors
Date
2013Type
Metadata
Show full item recordCitation
Source Title
Source Conference
Collection
Abstract
Risk analysis methods help evaluate the costs of information security controls in relation to their benefits. Despite dramatic changes in the constellation of information security risks, the basic approach to these risk calculation methods remains unchanged. The fundamental mathematics underlying these methods is anchored to probability theory. Probability has the advantage of being widely known and conceptually simple. But it has a disadvantage in its grounding on expert estimates of frequency data because such data is often publicly unavailable. This paper proposes the use of possibility theory as an alternative grounding for information security risk calculations. Possibility theory assumes the data grounding will be estimations. The estimations include expert evaluations of both possibility and likelihood of risks. Using a design science research approach, we use possibility theory as the kernel theory in developing and evaluating a practical possibility-based risk estimation prototype. The results offer an expanded grounding to improve information security risk analysis through the use of a broader portfolio of distinct methodologies anchored to alternative mathematical theories of evidence.
Related items
Showing items related by title, author, creator and subject.
-
Pojanavatee, Sasipa (2013)Mutual funds are emerging as an opportunity for investors to automatically diversify their investments in such a way that all their money is pooled and the investment decisions are left to a professional manager. There ...
-
Johnson, G.; Scutella, R.; Tseng, Y.; Wood, Gavin; Guy, J.; Rosanna, S.; Yi-Ping, T.; Gavin, W. (2015)This report examines the relationship between structural factors, individual characteristics and homelessness. Our interest in the interaction of structural conditions and individual characteristics gives rise to two ...
-
Raymond, B.; Baskerville, Richard (2014)Increasing information security losses, coupled with more closely regulated security risk disclosure, are raising the importance of information security standards for identifying control gaps and for implementing appropriate ...