Quantitative risk analysis for data storage systems
[ 1 ] Instytut Automatyki i Inżynierii Informatycznej, Wydział Elektryczny, Politechnika Poznańska | [ P ] employee
2013
paper
english
- data storage
- security
- risk analysis
EN In IT systems quantitative risk analysis is a method for security risk assessment used as a part of risk management process which in turn is a part of security policy. The main advantage of the method (in comparison to other techniques) is its accuracy - a better start point for security policy definition. Obviously the accuracy is directly related to input data dependability. The basic problem of the method is related to acquisition of input data necessary to perform the analysis. Data should be complete and reliable. The main purpose of the paper is to define comprehensive set of data necessary for the quantitative risk analysis for data storage systems (including magnetic disks and solid state disks) and to discuss trustworthiness of the data. Such comprehensive set of data should include data related to storage technology, features of storage processes (e.g. compression, deduplication), security events probabilities. Some of the parameters are dynamic, they change in time, they are related to environmental conditions. Different sources, different means of data acquisition are presented together with discussion on trustworthiness and dependability of the acquired data in the second part of the paper.
124 - 135
WoS (15)