Corpus ID: 15343428

Information Security Risk Analysis – a Matrix-based Approach

  title={Information Security Risk Analysis – a Matrix-based Approach},
  author={S. Goel and V. Chen},
This paper presents an information security risk analysis methodology that links the assets, vulnerabilities, threats and controls of an organization. The approach uses a sequence of matrices that correlate the different elements in the risk analysis. The data is aggregated and cascaded across the matrices to correlate the assets with the controls such that a prioritized ranking of the controls based on the assets of the organization is obtained. The approach does not obfuscate the intermediate… Expand
A Comparative Study on Information Security Risk Analysis Practices
E-business Information Systems Security Design Paradigm and Model
Effective Methodology for Security Risk Assessment of Computer Systems
Innovative model for information assurance curriculum: A teaching hospital
RFID: Risks to the Supply Chain


The IS risk analysis based on a business model
Model-based risk assessment – the CORAS approach
Structures of responsibility and security of information systems
EDP risk analysis
An Analytical Survey of Information System Security Design Methods: Implications for Information Systems Development
  • ACM Computing Surveys, 375-414.
  • 1993
The use of the CCTA risk analysis and management methodology CRAMM
  • Proc. MEDINFO92, North Holland, 1589 –1593.
  • 1992
A System Security Engineering Process
  • Proceedings of the 14th National Computer Security Conference, Washington, DC.
  • 1991
Managers guide to computer security