A risk evaluation model for information technology (IT) services in integrated risk assessment is proposed in this paper. The model covers management systems for information security and IT services. The component-impact coefficient parameter is introduced to define the strength of the relation between assets and IT services. The concept of composition of relations and the weighted sum principle are applied to analyze and evaluate the risk of IT services. When we applied the model to IT services in operation, the risk evaluation was output as quantities that reflect the component-impact coefficient, and risk treatment prioritization was attained in the descending order of numerical values. The proposed model therefore improves the precision of risk evaluation, and application of the model allows more accurate risk evaluation than the conventional method.
CITATION STYLE
Matsumura, N., Nishigaki, M., & Hasegawa, T. (2020). Risk Evaluation Model for Information Technology Services in Integrated Risk Assessment. In Lecture Notes in Networks and Systems (Vol. 101, pp. 318–325). Springer. https://doi.org/10.1007/978-3-030-36841-8_31
Mendeley helps you to discover research relevant for your work.