Académique Documents
Professionnel Documents
Culture Documents
analysis method
comparison
INFIGO-
INFIGO-MD-
MD-2006-
2006-06-
06-01
05-
05-06-
06-2006
Hrvoje Segudovic
Hrvoje.Segudovic@infigo.hr
This paper was originally published at MIPRO 2007 conference within ISS track.
Paper is intended for public use and may be used, referred to or quoted only in its
original form and source referral.
Table of contents
1. SUMMARY 4
2. INTRODUCTION 5
3. RISK ASSESSMENT 6
4. QUANTITATIVE APPROACH 7
5. QUALITATIVE APPROACH 8
6. METHODS 9
8.1. ASSUMPTIONS 15
8.2. RISK ASSESSMENT 15
9. CONCLUSION 17
9
8
7
6
5
Value
4
3
2
1
0
0 1 2 3 4 5 6 7 8
Assessed risk
Cumulative
Cumulative risk distribution method 1
45
40
35
30
25
Value
20
15
10
5
0
0 1 2 3 4 5 6 7 8
Assessed risk
2
Value
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Assessed risk
25
20
15
Value
10
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Assessed risk
8.1. ASSUMPTIONS
The modified qualitative risk assessment method is based on the following assumptions:
Every resource has its value,
Each resource is either vulnerable or its not,
If a system is vulnerable, there is at least one threat that can be realized (threats and
vulnerabilities depend on each other),
A threat has a certain probability of being realized, depending on circumstances,
A threat has certain consequences that depend on circumstances.
Value
3
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
Assessed risk
45
40
35
30
25
Value
20
15
10
0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
Assessed risk