Abstract—There is no doubt that an Information System faces various challenges every day and security is only one of them. It takes a lot of planning and even more work to keep it up and running. Faulty wiring, hardware problems, overloading, new versions, backups are just some of the possible failing factors. Yet, the probability of their occurrence is almost impossible to predict. The aim of this paper is to study the “behavioral model” that the technical risk factors which affect the security level of an Information System follow and suggest possible failing points. We will attempt to incorporate a more practical approach, by using real life scenarios that have occurred in many corporations, rather than “manufacturing” a theoretical approach that suits the needs of our findings. To this end we use data that are publicly available through open source databases. The analysis proposed, of the data collected, performed using weighted entropy methodology. Finally, the output of this research is going to be used as an input to the proposed model of our research group for quantifying security using Stochastic Processes[1].
Index Terms—Security, entropy, quantification, risk assessment.
The authors are with the Department of Informatics, University of Piraeus, 80 Karaoli & Dimitriou str, 18534 Piraeus, Greece (e-mail:kpatsak@gmail.com, dmermigas@gmail.com, spirounias@yahoo.com).
Cite: Constantinos Patsakis, Dimitrios Mermigas, Sotirios Pirounias, and Gregory Chondrokoukis, "The Role of Weighted Entropy in Security Quantification," International Journal of Information and Electronics Engineering vol. 3, no. 2, pp. 156-159, 2013.