Impact Assessment Through Collaborative Asset Modeling: The STORM-RM Approach

  • Theodoros Ntouskas
  • Panayiotis Kotzanikolaou
  • Nineta Polemi
Conference paper
Part of the Springer Proceedings in Mathematics & Statistics book series (PROMS, volume 31)


Existing Risk Management (RM) methodologies are mainly expert-driven and require a large number of interviews with security experts, which makes it rather inefficient to take into account the knowledge of all the organization’s participants. In this paper we extend the STORM-RM multi-criteria group decision-making methodology. More specifically, we propose specific asset and user models, which make use of the AHP multi-criteria decision-making methodology in order to identify the organization’s assets and calculate their potential security impacts.

Key words

Impact assessment · Asset modeling · AHP · Multi-criteria decision making



This work has been performed in the framework of the GSRT/SYNER-GASIA/ S-Port project (09SYN-72-650) (



Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Theodoros Ntouskas (1)
  • Panayiotis Kotzanikolaou (1)
  • Nineta Polemi (1)
  1. Department of Informatics, University of Piraeus, Piraeus, Greece
