Asset Based Risk Analysis: A Quantitative Approach for Libraries

Abstract

The information intensive functions of libraries are major force behind the increasing application of ICT for the effective organization and service. The range of vulnerabilities and threats involves in IT environments which need to be properly estimated in order to smooth functioning of the system. Information Security Management program is about management of risk, which is accomplished by developing a risk management and mitigation strategy, whereby assets, threats, and vulnerabilities are identified and the commensurate risk is quantified. Compare to qualitative risk analysis, quantitative risk analysis is easy to perform as calculating the potential lost in term of monetary value is not always possible for qualitative risk analysis. The success of quantitative risk analysis operation is heavily depends on application proper risk treatment and controls.