A two-phase quantitative methodology for enterprise information security risk analysis

2012 ◽  
Author(s):  
Jaya Bhattacharjee ◽  
Anirban Sengupta ◽  
Chandan Mazumdar ◽  
Mridul Sankar Barik
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Quantitative Methodology ◽  
Security Risk ◽  
Enterprise Information ◽  
Two Phase ◽  
Information Security Risk

An Analytical Study of Methodologies and Tools for Enterprise Information Security Risk Management

2017 ◽  
pp. 1-20
Author(s):  
Jaya Bhattacharjee ◽  
Anirban Sengupta ◽  
Mridul Sankar Barik ◽  
Chandan Mazumdar
Keyword(s):  
Risk Analysis ◽  
Business Processes ◽  
Security Risk ◽  
Enterprise Information ◽  
Security Controls ◽  
Business Operations ◽  
Levels Of Detail ◽  
Information Security Risk ◽  
Ict Infrastructure ◽  
Security Risk Management

An enterprise is characterized by its business processes and supporting ICT infrastructure. Securing these entities is of utmost importance for the survival of an enterprise and continuity of its business operations. In order to secure them, it is important to first detect the risks that can be realized to cause harm to those entities. Over the years, several kinds of security risk analysis methodologies have been proposed. They cater to different categories of enterprise entities and consider varying levels of detail during risk analysis. An enterprise often finds it difficult to select a particular method that will best suit its purpose. This paper attempts to address this problem by presenting a detailed study of existing risk analysis methodologies. The study classifies them into specific categories and performs comparative analyses considering different parameters addressed by the methodologies, including asset type, vulnerabilities, threats, and security controls.

Risk Analysis of ICT Assets

2019 ◽  
pp. 175-193
Author(s):  
Hamed H. Dadmarz
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Human Resources ◽  
Business Owners ◽  
Insurance Company ◽  
Security Risk ◽  
Business Goals ◽  
Top Managers ◽  
Information Security Risk ◽  
Information Assets

Risk analysis is required in all companies to help the business owners or top managers make decisions about risk management strategy, which itself provides an organization with a roadmap for information and information infrastructure protection aligned to business goals and the organization's risk profile. This chapter identifies information assets including network, electricity, hardware, service, software, and human resources in the ICT department of a health insurance company and their relevant risks. To determine the risks, the level of confidentiality, level of integrity, level of availability, the likelihood of threat occurrence, and intensity of vulnerability have been assessed and rated. Assessment is done based on the opinions of 30 experts in the field of information security. According to the results, the highest information security risk is on the network.

ISRAM: information security risk analysis method

2005 ◽  
Vol 24 (2) ◽  
pp. 147-159 ◽  
Author(s):  
Bilge Karabacak ◽  
Ibrahim Sogukpinar
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Analysis Method ◽  
Security Risk ◽  
Information Security Risk

scholarly journals Improving Information Security Risk Analysis Practices for Small- and Medium-Sized Enterprises: A Research

10.28945/3190 ◽  
2008 ◽  
Author(s):  
John Beachboard ◽  
Alma Cole ◽  
Mike Mellor ◽  
Steve Hernandez ◽  
Kregg Aytes ◽  
...  
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Development Strategy ◽  
Security Risk ◽  
Decision Heuristics ◽  
Organizational Challenges ◽  
Probability Estimates ◽  
Open Development ◽  
Information Security Risk ◽  
Risk Assessment Methodology

Despite the availability of numerous methods and publications concerning the proper conduct of information security risk analyses, small and medium sized enterprises (SMEs) face serious organizational challenges managing the deployment and use of these tools and methods to assist them in selecting and implementing security safeguards to prevent IS security compromises. This paper builds a case for and then outlines a possible approach and a multi-faceted research agenda for developing an “open development” strategy to address recognized deficiencies in the area of risk analysis to include developing: a multi-level risk assessment methodology and set of decision heuristics designed to minimize the intellectual effort required to conduct SME infrastructure level risk assessments, a set of decision heuristics to assist in the quantification of organizational costs, financial as well as non-financial, a knowledge base of probability estimates associated with specified classes of threats for use in the application of the aforementioned methodology and automated tool(s) capable of supporting the execution of the aforementioned methodology and heuristics.

Sign in / Sign up

Export Citation Format

Share Document