- Jakub Breier
Physical Analysis and Cryptographic Engineering, Temasek Laboratories@NTU School of Physical and Mathematical Sciences, Division of Mathematical Sciences, Nanyang Technological University, Singapore
ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
Asset Valuation Method for Dependent Entities
Asset analysis and valuation are important parts of the information security risk management. Outputs they produce are used in the process of risk analysis that plays a key role in securing organization’s business processes. A correct analysis and valuation of assets should reveal not only their importance for the organization, but also their relationships and dependencies between each other. There is a lack of works considering asset dependencies for the risk management purposes, this part is usually left for a subjective perception of a risk analyst, who should adjust the risk values in the end. In our work we propose a systematic approach for including asset dependencies in the asset valuation process. We inspect the relations between assets from the common security attributes point of view - confidentiality, integrity and availability. Our method should help to formalize the problem with dependent entities in the organization’s model.