Computer Security Risk Analysis and Management

Understanding and managing information infrastructure (II) security risks is a priority to most organizations dealing with information technology and information warfare (IW) scenarios today (Libicki, 2000). Traditional security risk analysis (SRA) was well suited to these tasks within the paradigm of computer security, where the focus was on securing tangible items such as computing and communications equipment (NCS,1996; Cramer, 1998). With the growth of information interchange and reliance on information infrastructure, the ability to understand where vulnerabilities lie within an organization, regardless of size, has become extremely difficult (NIPC, 1996). To place a value on the information that is owned and used by an organization is virtually an impossible task. The suitability of risk analysis to assist in managing IW and information infrastructure-related security risks is unqualified, however studies have been undertaken to build frameworks and methodologies for modeling information warfare attacks (Molander, Riddile, & Wilson, 1996; Johnson, 1997; Hutchinson & Warren, 2001) which will assist greatly in applying risk analysis concepts and methodologies to the burgeoning information technology security paradigm, information warfare.

Download Full-text

Computer Security Risk Analysis

New Risks: Issues and Management ◽

10.1007/978-1-4899-0759-2_42 ◽

1990 ◽

pp. 371-377 ◽

Cited By ~ 1

Author(s):

Lance J. Hoffman

Keyword(s):

Risk Analysis ◽

Computer Security ◽

Security Risk

Download Full-text

E-commerce Security Risk Analysis and Management Strategies of Commercial Banks

2009 International Forum on Information Technology and Applications ◽

10.1109/ifita.2009.92 ◽

2009 ◽

Cited By ~ 2

Author(s):

Li Bo ◽

Xu Congwei

Keyword(s):

Risk Analysis ◽

Commercial Banks ◽

Management Strategies ◽

Security Risk ◽

Risk Analysis And Management

Download Full-text

Security Risk Analysis and Management in Banking Sector: A Case Study of a Selected Commercial Bank in Nigeria

International Journal of Information Engineering and Electronic Business ◽

10.5815/ijieeb.2019.02.05 ◽

2019 ◽

Vol 11 (2) ◽

pp. 35-43 ◽

Cited By ~ 1

Author(s):

Noah N. Gana ◽

◽

Shafi’i M. Abdulhamid ◽

Joseph A. Ojeniyi

Keyword(s):

Risk Analysis ◽

Commercial Bank ◽

Banking Sector ◽

Security Risk ◽

Risk Analysis And Management

Download Full-text

A conceptual model for computer security risk analysis

[1992] Proceedings Eighth Annual Computer Security Application Conference ◽

10.1109/csac.1992.228233 ◽

2003 ◽

Cited By ~ 3

Author(s):

D.J. Bodeaum

Keyword(s):

Risk Analysis ◽

Computer Security ◽

Conceptual Model ◽

Security Risk

Download Full-text

Security Risk Analysis and Management in mobile wallet transaction: A Case study of Pagatech Nigeria Limited

International Journal of Computer Network and Information Security ◽

10.5815/ijcnis.2018.12.03 ◽

2018 ◽

Vol 10 (12) ◽

pp. 21-33

Author(s):

Musbau D. Abdulrahaman ◽

◽

John K. Alhassan ◽

Joseph A. Ojeniyi ◽

Shafii M. Abdulhamid

Keyword(s):

Risk Analysis ◽

Security Risk ◽

Risk Analysis And Management

Download Full-text

ESTUDIO COMPARATIVO ENTRE LAS METODOLOGÍAS CRAMM Y MAGERIT PARA LA GESTIÓN DE RIESGO DE TI EN LAS MPYMES

UDA AKADEM ◽

10.33324/udaakadem.vi1.129 ◽

2018 ◽

pp. 38-47

Author(s):

Esteban Crespo-Martínez ◽

Geovanna Cordero-Torres

Keyword(s):

Risk Management ◽

Information Security ◽

Risk Analysis ◽

Reference Frames ◽

Security Risk ◽

Project Proposal ◽

Palabras Clave ◽

Security Risk Management ◽

Iso 27001 ◽

Risk Analysis And Management

Lograr el objetivo de proponer una metodología de seguridad de la información para la gestión del riesgoinformático, aplicable al entorno empresarial y organizacional, del sector MPYME ecuatoriano, requiere del análisis de las metodologías Magerit y CRAMM (CCTA Risk Analysis and Management Method), las mismas que son internacionalmente utilizadas en la gestión del riesgo de información; contemplando los marcos de referencia que contienen las mejores prácticas de la industria: ISO 27001, 27002, 27005 y 31000.Palabras clave: riesgos, gestión, Magerit, CRAMM, tecnologías de información, TI, seguridad, información, SGSI.AbstractThis paper aims to study the CRAMM (CCTA Risk Analysis and Manage ment Method) and Magerit methodologies used in information risk management. It contemplates international reference frames that contain the best practices in the industry: ISO 27001, 27002, 27005 and 31000.This research is part of a project proposal of “Methodology for information security risk management, applicable to MSMEs” applicable to the Ecuadorian environment. Keywords: Risk, Management, Magerit, CRAMM, Information Technology, IT, Information Security, ISMS.

Download Full-text