Abstract
In IT systems, quantitative risk analysis is a method of security risk assessment used as part of the risk management process, which in turn is part of the security policy. The main advantage of the method, in comparison to other techniques, is its accuracy, which gives a better starting point for defining the security policy. The accuracy is directly related to the dependability of the input data. The basic problem of the method is the acquisition of the input data necessary to perform the analysis: the data should be complete and reliable. The main purpose of the paper is to define a comprehensive set of data necessary for quantitative risk analysis of data storage systems (including magnetic disks and solid state disks) and to discuss the trustworthiness of that data. Such a comprehensive set should include data related to storage technology, features of storage processes (e.g. compression, deduplication), and probabilities of security events. Some of the parameters are dynamic: they change over time and depend on environmental conditions. The second part of the paper presents different sources and means of data acquisition, together with a discussion of the trustworthiness and dependability of the acquired data.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bilski, T. (2013). Quantitative Risk Analysis for Data Storage Systems. In: Kwiecień, A., Gaj, P., Stera, P. (eds) Computer Networks. CN 2013. Communications in Computer and Information Science, vol 370. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38865-1_14
DOI: https://doi.org/10.1007/978-3-642-38865-1_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38864-4
Online ISBN: 978-3-642-38865-1
eBook Packages: Computer Science, Computer Science (R0)