Information asset modelling for risk analysis

摘要

An information technology-driven organization, in which most business is carried out and its revenue is presented through information technology, increasingly provides their key functions through computer systems and networks. These kinds of environments have prompted every day cyber threats through computer technology and Internet infrastructure. Current issues are rising for the matter of risk analysis on information technology transactions. To fulfil accurate risk estimation of this, different approaches are required to consider what each information asset is and what cyber vulnerabilities it is open to. In order to succeed, first it is necessary to identify its model of information asset, unlike conventional assets where each asset can be figured out as a whole value, then measure the value of it. In this paper, we are trying to show the methods and approaches to applying risk analysis to the information technology field. Hereafter, we identify key elements consisting of assets of a computer system. After its completion, we create a mathematic function to calculate its value based on the asset elements. The research results will yield an implementation of an automatic risk assessment tool for computer networks.