Formalized Method Based on Extenics for Information Security Risk Identification

摘要

Information security risk has become an important attention for todayȁ9; s most organizations and risk management was introduced as an effective mechanism. The risk analysis, including risk identification and estimation, is the basis of risk management. In practice, most studies on risk analysis focus on estimation method and identification of risk elements is nothing but reference to given tables. This paper presents a formalized risk identification method that performs an overall analysis on organization from material, antithetical, dynamic and systematic nature by utilizing conjugate analysis method. This method is one of extension methods in Extenics and identifies systematically and comprehensively not only risk elements but also relationships between them and provides sufficient information for the following risk estimation to ensure effectiveness of risk management.