A Risk Assessment Method Based on Business Analysis in Information Security

Traditional risk assessment emphasizes the loss of asset and evaluate every asset isolated, but ignores the influence of the risk on business. For accurate evaluate information security risk, a risk assessment method based on business analysis is proposed. The method firstly obtains a business process-centric hierarchical correlation graph of assets by combing the assets, and then calculates the value of systemic risks using fuzzy cognitive map. An application of the method is studied using an example of an office automation system. Results indicate that the methods evaluate the business risk instead of traditional asset risk and calculate