ISRAM: information security risk analysis method

2005 ◽  
Vol 24 (2) ◽  
pp. 147-159 ◽  
Author(s):  
Bilge Karabacak ◽  
Ibrahim Sogukpinar
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Analysis Method ◽  
Security Risk ◽  
Information Security Risk

A new information security risk analysis method based on membership degree

Kybernetes ◽  
2014 ◽  
Vol 43 (5) ◽  
pp. 686-698 ◽  
Author(s):  
Jiqiang Chen ◽  
Witold Pedrycz ◽  
Litao Ma ◽  
Chao Wang
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Weighted Average ◽  
New Method ◽  
Membership Functions ◽  
Analysis Method ◽  
Security Risk ◽  
Content Type ◽  
Information Security Risk ◽  
Analysis System

Purpose – In a risk analysis system, different underlying indices often play different roles in identifying the risk scale of the total target in a system, so a concept of discriminatory weight is introduced first. With the help of discriminatory weight and membership functions, a new method for information security risk analysis is proposed. The purpose of this paper is to discuss the above issues. Design/methodology/approach – First, a concept of discriminatory weight is introduced. Second, with the help of fuzzy sets, risk scales are captured in terms of fuzzy sets (namely their membership functions). Third, a new risk analysis method involving discriminatory weights is proposed to realize a transformation from the membership degrees of the underlying indices to the membership degrees of the total target. At last, an example of information security risk analysis shows the effectiveness and feasibleness of the new method. Findings – The new method generalizes the weighted-average method. The comparative analysis done with respect to other two methods show that the proposed method exhibits higher classification accuracy. Therefore, the proposed method can be applied to other risk analysis system with a hierarchial. Originality/value – This paper proposes a new method for information security risk analysis with the help of membership functions and the concept of discriminatory weight. The new method generalizes the weighted-average method. Comparative analysis done with respect to other two methods show that the proposed method exhibits higher classification accuracy in E-government information security system. What is more, the proposed method can be applied to other risk analysis system with a hierarchial.

Risk Analysis of ICT Assets

2019 ◽  
pp. 175-193
Author(s):  
Hamed H. Dadmarz
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Human Resources ◽  
Business Owners ◽  
Insurance Company ◽  
Security Risk ◽  
Business Goals ◽  
Top Managers ◽  
Information Security Risk ◽  
Information Assets

Risk analysis is required in all companies to help the business owners or top managers make decisions about risk management strategy, which itself provides an organization with a roadmap for information and information infrastructure protection aligned to business goals and the organization's risk profile. This chapter identifies information assets including network, electricity, hardware, service, software, and human resources in the ICT department of a health insurance company and their relevant risks. To determine the risks, the level of confidentiality, level of integrity, level of availability, the likelihood of threat occurrence, and intensity of vulnerability have been assessed and rated. Assessment is done based on the opinions of 30 experts in the field of information security. According to the results, the highest information security risk is on the network.

scholarly journals Improving Information Security Risk Analysis Practices for Small- and Medium-Sized Enterprises: A Research

10.28945/3190 ◽  
2008 ◽  
Author(s):  
John Beachboard ◽  
Alma Cole ◽  
Mike Mellor ◽  
Steve Hernandez ◽  
Kregg Aytes ◽  
...  
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Development Strategy ◽  
Security Risk ◽  
Decision Heuristics ◽  
Organizational Challenges ◽  
Probability Estimates ◽  
Open Development ◽  
Information Security Risk ◽  
Risk Assessment Methodology

Despite the availability of numerous methods and publications concerning the proper conduct of information security risk analyses, small and medium sized enterprises (SMEs) face serious organizational challenges managing the deployment and use of these tools and methods to assist them in selecting and implementing security safeguards to prevent IS security compromises. This paper builds a case for and then outlines a possible approach and a multi-faceted research agenda for developing an “open development” strategy to address recognized deficiencies in the area of risk analysis to include developing: a multi-level risk assessment methodology and set of decision heuristics designed to minimize the intellectual effort required to conduct SME infrastructure level risk assessments, a set of decision heuristics to assist in the quantification of organizational costs, financial as well as non-financial, a knowledge base of probability estimates associated with specified classes of threats for use in the application of the aforementioned methodology and automated tool(s) capable of supporting the execution of the aforementioned methodology and heuristics.

Sign in / Sign up

Export Citation Format

Share Document