Journal Article

Information Security Risk Modeling Using Bayesian Index

Chien-Lung Chan

in The Computer Journal

Published on behalf of British Computer Society

Volume 54, issue 4, pages 628-638
Published in print April 2011 | ISSN: 0010-4620
Published online July 2010 | e-ISSN: 1460-2067 | DOI:

The goal of this study lies in the construction and evaluation of a Bayesian index for measuring enterprises’ information security (IS) risk. By integrating IS experts’ judgments, we constructed a quantitative Bayesian index model for the assessment of enterprises’ IS risk. The risk assessment of enterprises’ IS makes enterprises aware of their IS risk and enables them to make better decisions to reduce that risk. Through the Delphi method and in-depth interviews with domain experts, the risk factors of IS were grouped into five categories with a total of 29 risk items. The first five key indicators are as follows: (i) top management support; (ii) the impediment and detection of the attack by worms, viruses and spyware programs; (iii) the protective measure and technique against the known hacker's attack; (iv) system access privilege control password, gold key management and (v) the IS equipment/software meets the requirement. Finally, the model was cross validated with enterprises that have implemented International Organization for Standardization/International Electrotechnical Commission 27001. The study demonstrated that a subjective Bayesian model can be used to develop a reliable index for measuring IS risk, with potential for practical application in the management of the IS risk.

Keywords: information security; risk assessment; risk management; Bayesian index

Subjects: Computer Science
