**6. Conclusion**

The evolution of ubiquitous computing systems has steered industries towards relying on IT infrastructure for their business operations. In addition, industries compete in the global market while adapting to rapid and continuous changes in IT systems. However, deploying IT infrastructure across industries has always remained complicated because of insecure communication channels, intelligent inside and outside attackers, and loopholes in the software and system development life cycle. The heterogeneous service level requirements of customers, service providers, and users, along with the implementation policies of individual industries, add further complexity to this problem. Hence, effective assessment of the risk associated with deploying IT infrastructure has become an integral part of management's effort to ensure the security of assets. In this chapter, an efficient risk assessment mechanism for IT infrastructure deployment in industries is proposed, which ensures a strong security perimeter over the underlying organizational resources by analyzing the vulnerability, threat, and exposure of the entities in the system.

*DOI: http://dx.doi.org/10.5772/intechopen.90907*

*Risk Assessment in IT Infrastructure*
