Problem Analysis of Traditional IT-Security Risk Assessment Methods - An Experience Report from the Insurance and Auditing Domain
Abstract
Traditional information technology (IT) security risk assessment approaches are based on an analysis of events, probabilities and impacts. In practice, security experts often find it difficult to determine IT risks reliably and with precision. In this paper, we review the risk determination steps of traditional risk assessment approaches and report on our experience of using such approaches. Our experience is based on performing IT audits and IT business insurance cover assessments within a reinsurance company. The paper concludes with a summary of issues concerning traditional approaches that are related to the identification and evaluation of events, probabilities and impacts. We also conclude that there is a need to develop alternative approaches, and suggest a security requirements-based risk assessment approach without events.
Similar resources
Presenting a model for risk assessment of intentional fires
Background & Objectives : It is not possible to live without using fire. However, fire could destruct human properties in a short time. One of the most important types of fire is intentional fire. This type of fire has become a great problem for insurance companies, fire departments, industries, government and business in the recent years. This study aimed to provide a framework for risk assess...
Improving Fraud and Abuse Detection in General Physician Claims: A Data Mining Study
Background We aimed to identify the indicators of healthcare fraud and abuse in general physicians’ drug prescription claims, and to identify a subset of general physicians that were more likely to have committed fraud and abuse. Methods We applied data mining approach to a major health insurance organization dataset of private sector general physicians’ prescription claims. It involved 5 ste...
Risk management in the sphere of state economic security provision using professional liability insurance
This study contains a comprehensive scientific analysis of modern problems of risk management in the sphere of state economic security provision using professional liability insurance. The elements of the mechanism for providing economic security are defined, namely: subjects, objects, and instruments of influence. It is stipulated that insurance is the means to provide state economic security....
Peer Assessment in evaluation of Medical sciences students
Introduction: Recently, peer assessment is especially noticed as a progress evaluation method. Although it is a known method, it is a novel method in many countries that they use traditional methods. Then the topic of current review article is peer assessment in medical education. Methods: The documents related to peer assessment, advantages, disadvantages, applications and how use it extracte...
AudES - An Expert System for Security Auditing
Computer security auditing constitutes an important part of any organization’s security procedures. Because of the many inadequacies of currently used manual methods, thorough and timely auditing is often difficult to attain. Recent literature suggests that expert systems techniques can offer significant benefits when applied to security procedures such as risk analysis, security auditing and i...