FIRST - Improving Security Together 18th Annual FIRST Conference - June 2006 - Baltimore, Maryland

Risk Analysis Methodology for New IT Service

Local Host

CERT Coordination Center

Supporting Sponsors






Korea CertCC

Conference Schedule

Business/Management Track

Wednesday – June 28th, 14:00

This research intends to provide a new risk management methodology that predicts the security of future-oriented IT services and helps to create a counter strategy in advance. The proposed methodology is founded on domestic as well as foreign methodologies and on the information protection reference model ITU-T X.805, and was executed in 3 parts: the security factor discrimination phase, the risk calculation phase, and the counter strategy deduction phase. In the security factor discrimination phase, ITU-T X.805 is applied to determine the new IT service's infrastructure, service and application levels as well as the protection subjects by management, control and user plane. In the risk calculation phase, X.805 is used to create risk scenarios for each module by level/plane, and the degree of risk is calculated by taking fatality, frequency of occurrence and degree of attack into consideration. In the counter strategy deduction phase, the counter strategy was devised by prioritizing risks and applying counter technologies from the list of required technologies based on the 8 information protection requirements.

Authors & presenters

  • Jun Heo, Presenter (KrCERT/CC – Korea Information Security Agency, KR)

  • Yoojae Won (KrCERT/CC – Korea Information Security Agency, KR)
