An Information-center Risk Assessment for Information Security

The current security risk assessment methods are of asset-center, which means that the security of assets, such as host, server and router, are assessed. Then the security risk of the whole network is aggregated. However, information is a kind of special asset that can flow across networks or systems, which is different from the general assets. Thus a kind of information-center risk assessment method is proposed. Firstly, the information spreading model is presented based on scale-free network in order to know how the sensitive information spreads. Then, based on the spreading threshold in the scale-free network, the information security risk is evaluated.