Risk Analysis Methodology for New IT Service

This research intends to provide a new risk management methodology that predicts the security of future oriented IT services and help to create a counter strategy in advance. The proposed methodology is founded on domestic as well as foreign methodology and information protection reference model ITU-T X.805 and was executed in 3 parts: security factor distrimination phase, risk calculation phase,and counter strategy deduction phase. In the security factor discrimination phase the ITU-T X.805 is applied to determine the new IT services´s infraestructure, service, application level as well as the protecion subject by management, control and user plane. In the risk calculation phase, the X.805 creates risk scenarios for each module by level/plane and calculates the degree of risk by taking fatality, frequency of occurrence and degree of attack into consideration. In the counter strategy was devised by prioritizing risk and applying counter technologies from the list of required technologies based on the 8 information protection requirements.