Many-Sided Self Risk Analysis Model for Information Asset to Secure Stability of the Information and Communication Service
Information and communication service providers
(ICSP) that are significant in size and provide Internet-based services
take administrative, technical, and physical protection measures via
the information security check service (ISCS). These protection
measures are the minimum action necessary to secure the stability and
continuity of the information and communication services (ICS) that
they provide. Thus, information assets are essential to providing ICS,
and deciding the relative importance of target assets for protection is a
critical procedure. The risk analysis model designed to decide the
relative importance of information assets, which is described in this
study, evaluates information assets from many angles, in order to
choose which ones should be given priority when it comes to
protection. Many-sided risk analysis (MSRS) grades the importance of
information assets, based on evaluation of major security check items,
evaluation of the dependency on the information and communication
facility (ICF) and influence on potential incidents, and evaluation of
major items according to their service classification, in order to
identify the ISCS target. MSRS could be an efficient risk analysis
model to help ICSPs to identify their core information assets and take
information protection measures first, so that stability of the ICS can
be ensured.
[1] Korea National Statistical Office, Statistical Information System, "Size of
e-Commerce, number of Internet banking accounts, and online stocking
trade in Korea", http://kosis.nso.go.kr
[2] Korea Information Security Agency, Korea Internet Security Center,
"Monthly report on hacking virus statistics and analysis,
http://www.krcert.or.kr
[3] J. H. Shin, "ISCS (Information Security Check Service) for the Safety and
Reliability of Communications", WEC ICIS 2005 Proceeding, June 2005.
[4] Korea Information Security Agency, "Vulnerability Analysis &
Assessment Methodology version", 2002.
[5] NIST, "Risk Management Guide for Information Technology Systems"
2001.
[6] J. Heo, "Risk Analysis Methodology for New IT Service", 18th Annual
FIRST Conference, June 2006.
[1] Korea National Statistical Office, Statistical Information System, "Size of
e-Commerce, number of Internet banking accounts, and online stocking
trade in Korea", http://kosis.nso.go.kr
[2] Korea Information Security Agency, Korea Internet Security Center,
"Monthly report on hacking virus statistics and analysis,
http://www.krcert.or.kr
[3] J. H. Shin, "ISCS (Information Security Check Service) for the Safety and
Reliability of Communications", WEC ICIS 2005 Proceeding, June 2005.
[4] Korea Information Security Agency, "Vulnerability Analysis &
Assessment Methodology version", 2002.
[5] NIST, "Risk Management Guide for Information Technology Systems"
2001.
[6] J. Heo, "Risk Analysis Methodology for New IT Service", 18th Annual
FIRST Conference, June 2006.
@article{"International Journal of Electrical, Electronic and Communication Sciences:58245", author = "Jin-Tae Lee and Jung-Hoon Suh and Sang-Soo Jang and Jae-Il Lee", title = "Many-Sided Self Risk Analysis Model for Information Asset to Secure Stability of the Information and Communication Service", abstract = "Information and communication service providers
(ICSP) that are significant in size and provide Internet-based services
take administrative, technical, and physical protection measures via
the information security check service (ISCS). These protection
measures are the minimum action necessary to secure the stability and
continuity of the information and communication services (ICS) that
they provide. Thus, information assets are essential to providing ICS,
and deciding the relative importance of target assets for protection is a
critical procedure. The risk analysis model designed to decide the
relative importance of information assets, which is described in this
study, evaluates information assets from many angles, in order to
choose which ones should be given priority when it comes to
protection. Many-sided risk analysis (MSRS) grades the importance of
information assets, based on evaluation of major security check items,
evaluation of the dependency on the information and communication
facility (ICF) and influence on potential incidents, and evaluation of
major items according to their service classification, in order to
identify the ISCS target. MSRS could be an efficient risk analysis
model to help ICSPs to identify their core information assets and take
information protection measures first, so that stability of the ICS can
be ensured.", keywords = "Information Asset, Information CommunicationFacility, Evaluation, ISCS (Information Security Check Service),Evaluation, Grade.", volume = "2", number = "4", pages = "650-8", }