Impact Analysis for Risks in Informatics Systems
Floarea Baicu, Maria Alexandra Baches

TL;DR
This paper discusses impact analysis methods for security risks in informatics systems, combining qualitative and quantitative approaches to assess vulnerabilities, security levels, and potential financial losses from security incidents.
Contribution
It introduces a comprehensive framework linking vulnerability exploitation risks, system security levels, and financial impacts, supported by practical examples and a CSI study.
Findings
Risk and impact relationships are quantitatively modeled.
Examples illustrate potential financial losses from security breaches.
The study emphasizes the importance of impact analysis in security management.
Abstract
This paper presents qualitative and quantitative methods for analyzing the impact of security accidents on informatics systems, starting from the definitions of risk and of informational system security. It presents the relationship between the risk of exploiting vulnerabilities of the security system, the security level of these informatics systems, and the probability of exploiting the weak points, subject to the financial losses of a company, respectively the impact of a security accident on the company. It also presents some examples of losses caused by excesses within informational systems, drawn from the study carried out by CSI.
Taxonomy
Topics: Information and Cyber Security
