Computer Science (Jan 2004)
Competitive Approach to Information System Risk Analyses
Abstract
This article presents the method of IT risk assessment from human behaviour perspective, developed by the author. It is an alternative for the commonly used approaches to risk assessment, based on vulnerability and threat identification and the probability estimation of their occurrence. The authors method applies to risk calculation factors such as administrators or users skills, attackers knowledge and determination, or attack method used. The key element of the proposed risk analysis competitive method is a mathematical formula which allows for risk level quantification.
