Study on sensitive information leakage vulnerability modeling
Abstract
Purpose
The purpose of this paper is to provide a model for quantitatively analyzing the security profile of an organization’s IT environment. The model considers the security risks associated with stored data, as well as services and devices that can act as channels for data leakages. The authors propose a sensitive information (SI) leakage vulnerability model.
Design/methodology/approach
Factors identified as having an impact on the security profile are identified, and scores are assigned based on detailed criteria. These scores are utilized by mathematical models that produce a vulnerability index, which indicates the overall security vulnerability of the organization. In this chapter, the authors verify the model result extracted from SI leakage vulnerability weak index by applying the proposed model to an actual incident that occurred in South Korea in January 2014.
Findings
The paper provides vulnerability result and vulnerability index. They are depends on SI state in information systems.
Originality/value
The authors identify and define four core variables related to SI leakage: SI, security policy, and leakage channel and value of SI. The authors simplify the SI leakage problem. The authors propose a SI leakage vulnerability model.
Keywords
Citation
Kim, S.-H., Kim, N.-U. and Chung, T.-M. (2015), "Study on sensitive information leakage vulnerability modeling", Kybernetes, Vol. 44 No. 1, pp. 77-88. https://doi.org/10.1108/K-05-2014-0106
Publisher
:Emerald Group Publishing Limited
Copyright © 2015, Emerald Group Publishing Limited