Measure Model of Security Risk Based on Utility

doi:10.13190/jbupt.200602.59.pengjh

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2006, Vol. 29 ›› Issue (2): 59-61.doi: 10.13190/jbupt.200602.59.pengjh

• Papers • Previous Articles Next Articles

Measure Model of Security Risk Based on Utility

PENG Jun-hao，XU Guo-ai，YANG Yi-xian，TANG Yong-li

Information Security Center, Beijing University of Posts and Telecommunications

Online:2006-04-28 Published:2006-04-28

Abstract

Abstract: Utility function was introduced into security risk area, and its inverse function is used to define absolute loss effect and relative loss effect as measure of risk. They are used to build criteria of risk rank. Absolute loss effect can measure the difference of risk between security incidents with high loss，low probability and security incidents with low loss，high probability. Relative loss effect can measure the difference of risk tolerance among organizations with different scale, but the average loss used very often can't measure these differences.

Key words: information security, risk evaluation, utility theory, loss effect

PENG Jun-hao，XU Guo-ai，YANG Yi-xian，TANG Yong-li. Measure Model of Security Risk Based on Utility[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2006, 29(2): 59-61.

[1]	LEI Wei-jia, SHENG Jie, XIE Xian-zhong. Encoding and Decoding Scheme of Security-Enhanced LT Codes [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(4): 108-113.
[2]	YANG Hong-yu, CHENG Xiang. Information System Risk Control Method Based on Work-Flow [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(3): 105-109.
[3]	ZHANG Feng, FU Jun, YANG Guang-hua, JING Yi-xin, TANG Wei. Research of Web Access Log Analysis of Security Technology [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(2): 93-98.
[4]	GE Hai-hui, ZHENG Shi-hui, CHEN Tian-ping, YANG Yi-xian. Fuzzy Risk Assessment of Information Security Threat Scenario [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2013, 36(6): 89-92,107.
[5]	LU Feng；ZHENG Kang-feng；NIU Xin-xin；YANG Yi-xian. Construct a Risk-Aware Peer-to-Peer Security Trust Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2010, 33(1): 33-37.
[6]	QIN Hua-wang;DAI Yue-wei;WANG Zhi-quan. Threshold Signature Scheme Based on the General Access Structure [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(6): 102-104.
[7]	LuZhenbang,ZHOU Bo. Hierarchical Risk Assessment Based on Shapley Entropies and Choquet Integrals [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(6): 83-87.
[8]	WANG Xiao-zhen1,2,LU Zhi-gang1,2,LIU Bao-xu1. Algorithm of Information Security Risk Evaluation Based on OCTAVE and Grey System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(5): 128-131.
[9]	LEI Xin-Feng. Implement of Chinese-Wall Model Based on an Open Synthetical Security Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(3): 73-76.
[10]	XU Guo-ai1, ZHANG Miao1, CHEN Ai-guo1, LI Zhong-xian2 . An Integer Overflow Detection Method Based on Integer Variable Unification [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(6): 90-93.
[11]	LI Da-lin, LIN Xue-hong, LIN Jia-ru, WU Wei-ling. A Necessary Condition for Secure Network Coding [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(5): 9-12.
[12]	TANG Yong-li1,2, XU Guo-ai1, NIU Xin-xin1, YANG Yi-xian1. Research on Information Security Risk Analysis Model Using Information Entropy [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(2): 50-53.
[13]	LEI Xin-feng1, LIANG Ming-xiao2, LIU Jun1, XIAO Jun-mo1 . An Open Synthetical Security Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(1): 18-21.
[14]	ZHAO He-ping. Application of Message Extension to Spacecraft Telecommand Data Protection [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2006, 29(6): 5-8.
[15]	DONG Wei, YANG YI-xian, NIU XIN-xin. Security Technology Research of GlobalPlatform Based on JavaSIM Card [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2006, 29(3): 91-94.

Measure Model of Security Risk Based on Utility

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments