Jakub BreierPhysical Analysis and Cryptographic Engineering, Temasek Laboratories@NTU School of Physical and Mathematical Sciences, Division of Mathematical Sciences, Nanyang Technological University, Singapore firstname.lastname@example.org
Asset analysis and valuation are important parts of the information security risk management. Outputs
they produce are used in the process of risk analysis that plays a key role in securing organization’s
business processes. A correct analysis and valuation of assets should reveal not only their
importance for the organization, but also their relationships and dependencies between each other.
There is a lack of works considering asset dependencies for the risk management purposes, this part
is usually left for a subjective perception of a risk analyst, who should adjust the risk values in the
In our work we propose a systematic approach for including asset dependencies in the asset valuation
process. We inspect the relations between assets from the common security attributes point
of view - confidentiality, integrity and availability. Our method should help to formalize the problem
with dependent entities in the organization’s model.