Risk Evaluation Model for Information Technology Services in Integrated Risk Assessment

Abstract

A risk evaluation model for information technology (IT) services in integrated risk assessment is proposed in this paper. The model covers management systems for information security and IT services. The component-impact coefficient parameter is introduced to define the strength of the relation between assets and IT services. The concept of composition of relations and the weighted sum principle are applied to analyze and evaluate the risk of IT services. When we applied the model to IT services in operation, the risk evaluation was output as quantities that reflect the component-impact coefficient, and risk treatment prioritization was attained in the descending order of numerical values. The proposed model therefore improves the precision of risk evaluation, and application of the model allows more accurate risk evaluation than the conventional method.