Scientific Research and Essays

  • Abbreviation: Sci. Res. Essays
  • Language: English
  • ISSN: 1992-2248
  • DOI: 10.5897/SRE
  • Start Year: 2006
  • Published Articles: 2740

Review

A Bayesian networks-based security risk analysis model for information systems integrating the observed cases with expert experience

Nan Feng and Jing Xie*
College of Management and Economics, Tianjin University, 300072 Tianjin, China.

  •  Accepted: 02 December 2011
  •  Published: 16 March 2012

Abstract

In security risk analysis for information systems, establishing a model suited to the target security risk problem is a crucial task that ultimately influences the effectiveness of the risk analysis results. To induce a representative model of the observed information systems, a security risk analysis model is proposed that draws on knowledge from both observed cases and domain experts. In this model, a Bayesian network (BN) is developed by integrating the database of observed cases with domain expert experience and knowledge. Because it is based on the BN, the model facilitates the visibility and repeatability of the decision-making process of security risk analysis. Finally, the model is demonstrated and validated via a case study.

Key words: information systems, risk analysis, Bayesian networks, probabilistic inference.