ABSTRACT
Research by Dlamini et al. [5] clearly shows that information security was once focused on technical issues. Over time, however, that approach transitioned to a more strategic governance model in which legal and regulatory compliance, risk management, and digital forensics became the significant contributors in the domain. This focus has resulted in a proliferation of information security risk assessment models which, on the whole, have not necessarily helped to reduce risks or to respond appropriately to security events. This research seeks to develop a new information security risk assessment model through the aggregation of existing models.
- Atyam, S. Effectiveness of security control risk assessments for enterprises: Assess on the business perspective of security risks. Information Security Journal: A Global Perspective, 19, (2010), 343--350. DOI: 10.1080/19393555.2010.514892.
- Behnia, A., Rashid, R., and Chaudhry, J. A survey of information security risk analysis methods. Smart Computing Review, 2(1), (2012), 79--94.
- Bojanc, R. and Jerman-Blažić, B. A quantitative model for information-security risk management. Engineering Management Journal, 25(2), (2013), 25--37.
- Bryman, A. Social Research Methods (4th Ed.). Oxford University Press, Inc., New York, NY, 2012.
- Dlamini, M., Eloff, J., and Eloff, M. Information Security: The moving target. Computers and Security, 28, (2009), 189--198. DOI: 10.1016/j.cose.2008.11.007.
- Drucker, P. and Maciariello, J. The Theory of Business. In Management (pp. 83--96). Harper Collins, New York, NY, 2008.
- Saleh, M. and Alfantookh, A. New comprehensive framework for enterprise information security risk management. Applied Computing and Informatics, 9(2), (2011), 107--118.
- von Solms, R. and Niekerk, J. From information security to cyber security. Computers & Security, 38, (2013), 97--103.
Index Terms
- Complexity Reduction in Information Security Risk Assessment