Complex vs. simple asset modeling approaches for information security risk assessment: Evaluation with MAGERIT methodology
Complex vs. simple asset modeling approaches for information security risk assessment: Evaluation with MAGERIT methodology
A proper asset modeling is essential to develop an information security risk assessment in any corporation. A too complex model will take a long development time and may require parameter values difficult to get. On the contrary, a too simple model will provide inaccurate estimations of risks, although it could be developed fast. One of the characteristic that most influences the complexity of the model is the way to characterize the dependence between assets, generally using a dependency graph. This work evaluates how slight variations in the complexity of the dependency graph affect to estimated risks. To carry out the evaluation, the MAGERIT methodology is used because it can handle graphs of variable complexity and allows qualitative or quantitative asset valuation. Finally, this work provides insights to select a proper complexity for the asset modeling approach used.
- University of Oviedo Spain
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).5 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Average influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Top 10% impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average
Citations provided by BIP!Popularity provided by BIP!