Cyber Times International Journal of Technology & Management

Protecting the Critical Information Infrastructure is one of the top most agenda of every organization. To provide security solution to protect the information infrastructures from various cyber attacks, there is a need to deploy a cost effective security solution. To find the exact cost associated with the security solution, there is a need to quantify the risk present in the information system. In this paper, various approaches to quantify risk assessment techniques have been reviewed and compared in terms of the metrics used. In addition to this, the advantage and disadvantage of each technique has been analyzed which helps the security professionals to adopt the suitable assessment technique for quantifying the security risk present in the information system.