Development of an Evidential Reasoning Based Information Security Risk Assessment Model

Project: Research



Information security has become one of the highest priorities of security and business administration. This is particularly true for R&D companies in the high-technology industry, where research information is highly confidential, yet very few studies on this setting have been reported. ISO27001 is an international standard that specifies the requirements for implementing an information security management system in the context of the organisation's overall business risks. In ISO27001, the risk assessment phase, comprising risk identification, risk estimation and risk evaluation, is the most critical but also the most difficult component on which a successful implementation depends. Quantitative risk analysis in information security is relatively immature, as current methods fail to model the risks and the uncertainties involved in the assessment. This project proposes to fill that gap by developing a novel evidential reasoning based risk assessment methodology, with emphasis on its application to high-technology R&D operations.
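The abstract does not describe the methodology itself, so the following is an added illustration rather than the project's own method or code. It assumes that "evidential reasoning" means the ER algorithm of Yang and Xu (2002), a Dempster-Shafer based combination rule that lets each source of evidence leave part of its belief unassigned; that unassigned belief survives the combination and is reported alongside the graded result, which is the kind of uncertainty the abstract says conventional quantitative methods cannot express. The grade names, weights, belief degrees and the risk named in the comments are constructed sample data.

```python
"""Evidential reasoning (ER) combination of risk-grade assessments.

Added example, not code from the project described on this page.  It
implements the ER algorithm of Yang & Xu (2002); the project's own
methodology is not given on the page and is only assumed to be of this
kind.  Grades, weights and beliefs below are constructed sample data.
"""
from typing import Dict, List, Tuple

GRADES: List[str] = ["Low", "Medium", "High"]  # assumed evaluation grades H_n


def combine_er(assessments: List[Tuple[float, Dict[str, float]]],
               grades: List[str] = GRADES) -> Tuple[Dict[str, float], float]:
    """Combine weighted belief distributions with the ER algorithm.

    Each assessment is (weight w_i, {grade: belief beta_n,i}).  Beliefs
    need not sum to 1; the shortfall is unassigned belief (ignorance).
    Weights are normalised to sum to 1.  Returns (combined belief per
    grade, remaining unassigned belief beta_H).
    """
    if not assessments:
        raise ValueError("at least one assessment is required")
    if any(w < 0 for w, _ in assessments):
        raise ValueError("weights must be non-negative")
    total_w = sum(w for w, _ in assessments)
    if total_w <= 0:
        raise ValueError("at least one weight must be positive")
    for _, beliefs in assessments:
        if any(b < 0 for b in beliefs.values()) or sum(beliefs.values()) > 1 + 1e-12:
            raise ValueError("beliefs must be non-negative and sum to at most 1")
        unknown = set(beliefs) - set(grades)
        if unknown:
            raise ValueError(f"unknown grades: {sorted(unknown)}")

    # Basic probability masses of the first source.
    w0, b0 = assessments[0]
    w0 /= total_w
    m = {g: w0 * b0.get(g, 0.0) for g in grades}              # m_{n,1}
    m_bar = 1.0 - w0                                          # weight not used
    m_tilde = w0 * (1.0 - sum(b0.get(g, 0.0) for g in grades))  # incompleteness

    # Fold in the remaining sources one at a time (recursive ER rule).
    for w, b in assessments[1:]:
        w /= total_w
        m_i = {g: w * b.get(g, 0.0) for g in grades}
        m_bar_i = 1.0 - w
        m_tilde_i = w * (1.0 - sum(b.get(g, 0.0) for g in grades))
        m_h = m_bar + m_tilde          # mass on the whole frame so far
        m_h_i = m_bar_i + m_tilde_i

        # Conflict: mass the two sources put on different grades.
        conflict = sum(m[t] * m_i[j] for t in grades for j in grades if t != j)
        if conflict >= 1.0:
            raise ValueError("sources are in total conflict")
        k = 1.0 / (1.0 - conflict)

        new_m = {g: k * (m[g] * m_i[g] + m_h * m_i[g] + m[g] * m_h_i) for g in grades}
        new_tilde = k * (m_tilde * m_tilde_i + m_bar * m_tilde_i + m_tilde * m_bar_i)
        new_bar = k * (m_bar * m_bar_i)
        m, m_tilde, m_bar = new_m, new_tilde, new_bar

    # Remove the mass that stems only from the weights, keep real ignorance.
    denom = 1.0 - m_bar
    beliefs = {g: m[g] / denom for g in grades}
    beta_h = m_tilde / denom
    return beliefs, beta_h


def utility_interval(beliefs: Dict[str, float], beta_h: float,
                     utilities: Dict[str, float]) -> Tuple[float, float]:
    """Map a belief distribution to a [min, max] risk score.  The unassigned
    belief is pushed to the best grade for the minimum and to the worst
    grade for the maximum, so the width of the interval is the unresolved
    uncertainty rather than a point estimate that hides it."""
    base = sum(beliefs[g] * utilities[g] for g in beliefs)
    return (base + beta_h * min(utilities.values()),
            base + beta_h * max(utilities.values()))


# Constructed sample: two sources of evidence about the likelihood grade of
# one risk (say, unauthorised disclosure of R&D records), each leaving 10% of
# its belief unassigned because the underlying evidence is incomplete.
SAMPLE_ASSESSMENTS = [
    (0.5, {"Medium": 0.6, "High": 0.3}),   # e.g. the risk owner's assessment
    (0.5, {"Low": 0.2, "Medium": 0.7}),    # e.g. findings from an audit
]
UTILITIES = {"Low": 0.0, "Medium": 0.5, "High": 1.0}  # assumed grade scores


def assess_sample():
    beliefs, beta_h = combine_er(SAMPLE_ASSESSMENTS)
    return beliefs, beta_h, utility_interval(beliefs, beta_h, UTILITIES)


if __name__ == "__main__":
    beliefs, beta_h, (lo, hi) = assess_sample()
    for g in GRADES:
        print(f"{g:8s} {beliefs[g]:.3f}")
    print(f"unassigned {beta_h:.3f}")
    print(f"risk score in [{lo:.3f}, {hi:.3f}]")
```

On the sample data the two sources agree mostly on "Medium" (about 0.71 combined belief), the conflicting "Low" and "High" beliefs are both discounted, and about 0.08 of belief stays unassigned; the score interval makes that residual visible to whoever signs off the risk register, which a single averaged score would not.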


Project number: 7002700
Grant type: SRG
Effective start/end date: 1/05/11 to 18/11/13