Information Security Risks Assessment Method Based on AHP and Fuzzy Sets

This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk (EHISR) model to present thirty-three security risk factors by identifying information security threats and their sources in e-healthcare. Second, a dynamic E-Healthcare Information Flow (EHIF) model was developed to logically link these information risk factors in the EHISR model. Pattern analysis showed that information security risks could be classified into two levels, and versatility analysis showed that the overall security risks for eight information flows were close with a range from 55% to 86%. Third, one quantifiable approach based on a relative-weighted assessment model was developed to demonstrate how to assess the information security risks in e-healthcare. This quantitative security risk measurement establishes a reference point for assessing e-healthcare security risks and assists managers in selecting a reliable information flow infrastructure with a lower security risk level.

Download Full-text

Genre-Based Approach to Assessing Information and Knowledge Security Risks

International Journal of Knowledge Management ◽

10.4018/ijkm.2014040102 ◽

2014 ◽

Vol 10 (2) ◽

pp. 13-27 ◽

Cited By ~ 3

Author(s):

Ali Mohammad Padyab ◽

Tero Päivärinta ◽

Dan Harnesk

Keyword(s):

Risk Assessment ◽

Information Security ◽

Assessment Method ◽

Organizational Dynamics ◽

Future Research ◽

Security Risk ◽

Security Risks ◽

Risk Assessment Method ◽

Information Security Risk ◽

Security Risk Assessment

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.

Download Full-text

On the Issue of Information Security Risks Assessment of Business Processes

2018 XIV International Scientific-Technical Conference on Actual Problems of Electronics Instrument Engineering (APEIE) ◽

10.1109/apeie.2018.8545576 ◽

2018 ◽

Cited By ~ 2

Author(s):

Viktor M. Belov ◽

Andrey I. Pestunov ◽

Tamara M. Pestunova

Keyword(s):

Information Security ◽

Business Processes ◽

Security Risks ◽

Risks Assessment

Download Full-text

Development of an E-Healthcare Information Security Risk Assessment Method

Healthcare Administration ◽

10.4018/978-1-4666-6339-8.ch014 ◽

2015 ◽

pp. 248-269

Author(s):

June Wei ◽

Binshan Lin ◽

Meiga Loho-Noya

Keyword(s):

Risk Factors ◽

Information Security ◽

Information Flow ◽

Assessment Method ◽

Risk Level ◽

Security Risk ◽

Security Risks ◽

Healthcare Information ◽

Information Security Risk ◽

Security Risk Assessment

This paper developed a method to assess information security risks in e-healthcare. Specifically, it first developed a static E-Healthcare Information Security Risk (EHISR) model to present thirty-three security risk factors by identifying information security threats and their sources in e-healthcare. Second, a dynamic E-Healthcare Information Flow (EHIF) model was developed to logically link these information risk factors in the EHISR model. Pattern analysis showed that information security risks could be classified into two levels, and versatility analysis showed that the overall security risks for eight information flows were close with a range from 55% to 86%. Third, one quantifiable approach based on a relative-weighted assessment model was developed to demonstrate how to assess the information security risks in e-healthcare. This quantitative security risk measurement establishes a reference point for assessing e-healthcare security risks and assists managers in selecting a reliable information flow infrastructure with a lower security risk level.

Download Full-text

Factor identification and computation in the assessment of information security risks for digital libraries

Journal of Librarianship and Information Science ◽

10.1177/0961000616668572 ◽

2016 ◽

Vol 51 (1) ◽

pp. 78-94 ◽

Cited By ~ 3

Author(s):

Shuiqing Huang ◽

Zhengbiao Han ◽

Bo Yang ◽

Ni Ren

Keyword(s):

Information Security ◽

Digital Library ◽

Digital Libraries ◽

Public Library ◽

Weighted Average ◽

Assessment Method ◽

Security Risk ◽

Security Risks ◽

Assignment Method ◽

The Status

This study proposes an objective methodology for identifying and computing the factors relevant to the assessment of information security risks for digital libraries that is also compliant with the ISO 27000 and the GB/T 20984 standards. By introducing a fuzzy comprehensive assessment method and an expert investigation method to the dimensions of assets and threats, this study proposes a model for computing the value of assets and the severity of threats. In the dimension of vulnerabilities, a vulnerability computation model based on the multi-channel weighted average method is proposed. By considering the digital library of a typical public library in China as the object of assessment, this study acquires assessment data by using a combination of a questionnaire survey, an on-site survey and vulnerability scanning. Research findings consisted of the following: (1) the digital library identified a total of 3111 information security risk items; (2) according to the assessment results attained using a combination of the factor identification and computational methodologies proposed here in conjunction with the multiplicative method specified in GB/T 20984, the high-risk (or higher risk) items accounted for 0.9% of all risky items, which is consistent with the status quo in information security risks faced by digital libraries. The analysis showed that the proposed methodology is more scientific than the currently prevailing direct value assignment method.

Download Full-text

A Web based Information Security Risks Assessment Model

Journal of Internet Technology and Secured Transaction ◽

10.20533/jitst.2046.3723.2015.0050 ◽

2015 ◽

Vol 4 (3) ◽

pp. 396-404

Author(s):

B. K. Alese ◽

O. Oyebade ◽

O. Iyare ◽

Osuolale A. Festus ◽

A. F. Thompson

Keyword(s):

Information Security ◽

Assessment Model ◽

Security Risks ◽

Web Based ◽

Risks Assessment

Download Full-text

Genre-Based Approach to Assessing Information and Knowledge Security Risks

Transportation Systems and Engineering ◽

10.4018/978-1-4666-8473-7.ch063 ◽

2015 ◽

pp. 1237-1253

Author(s):

Ali Mohammad Padyab ◽

Tero Päivärinta ◽

Dan Harnesk

Keyword(s):

Risk Assessment ◽

Information Security ◽

Assessment Method ◽

Organizational Dynamics ◽

Future Research ◽

Security Risk ◽

Security Risks ◽

Risk Assessment Method ◽

Information Security Risk ◽

Security Risk Assessment

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.

Download Full-text