Information Security Risk Analysis – a Matrix-based Approach

Sanjay Goel and Vicki Chen

This paper presents an information security risk analysis methodology that links the assets, vulnerabilities, threats and controls of an organization. The approach uses a sequence of matrices that correlate the different elements in the risk analysis. The data is aggregated and cascaded across the matrices to correlate the assets with the controls such that a prioritized ranking of the controls based on the assets of the organization is obtained. The approach does not obfuscate the intermediate…

This paper has 152 citations.

Semantic Scholar estimates that this publication has 153 citations based on the available data.



Publications referenced by this paper.
Showing 1-9 of 9 references

Managing Information Security Risks: The OCTAVE Approach

  • C. Alberts, A. Dorofee
  • Pearson Education Inc.
  • 2003

Structures of responsibility and security of information systems

  • J. Backhouse, G. Dhillon
  • European Journal of Information Systems, 5(1), 2…
  • 1996

EDP risk analysis

  • M. J. Cerullo, V. Cerullo
  • Computer Audit Journal, (2), 9-30.
  • 1994

The use of the CCTA risk analysis and management methodology CRAMM

  • B. Barber, J. Davey
  • Proc. MEDINFO92, North Holland, 1589–1593.
  • 1992

A System Security Engineering Process

  • J. D. Weiss
  • Proceedings of the 14th National Computer…
  • 1991

Managers Guide to Computer Security

  • D. B. Parker
  • Prentice-Hall, Inc, Reston, VA, USA.
  • 1981
