A Multidimensional Approach towards a Quantitative Assessment of Security Threats

Information security is the most challenging aspect of information processing. Organizations, governments, and individuals are facing many information security risks. These risks can cause serious damages that might lead to significant financial losses, breach of the confidentiality of sensitive information, or loss of integrity or availability of sensitive data. To facilitate effective protection of information, a better identification, understanding, and assessment of security threat and their characteristics are crucial for system security managers. In order to define and then assess security threats, we propose a new threat identification approach on which we build a quantitative security risk model for information systems. The proposed model is systematic, extendable, and modular. The aim is to help managers accurately assess security threat in an incremental and comprehensive way.