Kondakçı, Süleyman2023-06-162023-06-1620071744-17651744-1773https://doi.org/10.1504/IJICS.2007.013959https://hdl.handle.net/20.500.14365/3701This paper presents an analysis of fault propagation in information security solutions. It presents a unique and efficient approach to security assessment that can be useful for security planners, evaluators, managers, and IT owners to discover and correct weaknesses at any stage of security planning processes. Intuition and qualitative approaches are not adequate to guide accurate risk analysis in information security. In this paper, we present a rather formalised preventive approach to guide the risk management quantitatively. The quantitative approach determines the propagation of the design faults by use of a probabilistic method supported by a scoring scheme. © 2007 Inderscience Enterprises Ltd.eninfo:eu-repo/semantics/closedAccesshuman factorinformation and computer securityknowledge and policy managementrisk assessmentsecurity risk propagationArticle10.1504/IJICS.2007.0139592-s2.0-55349122357