scholarly journals An Investigation Of Organizational Information Security Risk Analysis

2010 ◽  
Vol 3 (2) ◽  
Author(s):  
Zack Jourdan ◽  
R. Kelly Rainer, Jr. ◽  
Thomas E. Marshall ◽  
F. Nelson Ford
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Risk Analysis ◽  
Security Threats ◽  
Security Risk ◽  
Current State ◽  
Policies And Procedures ◽  
Organizational Information ◽  
Quantitative Results ◽  
Information Security Risk

Despite a growing number and variety of information security threats, many organizations continue to neglect implementing information security policies and procedures.  The likelihood that an organization’s information systems can fall victim to these threats is known as information systems risk (Straub & Welke, 1998).  To combat these threats, an organization must undergo a rigorous process of self-analysis. To better understand the current state of this information security risk analysis (ISRA) process, this study deployed a questionnaire using both open-ended and closed ended questions administered to a group of information security professionals (N=32).  The qualitative and quantitative results of this study show that organizations are beginning to conduct regularly scheduled ISRA processes.  However, the results also show that organizations still have room for improvement to create idyllic ISRA processes. 

Research on Method of Information System Information Security Risk Management

2014 ◽  
Vol 926-930 ◽  
pp. 4105-4109
Author(s):  
Xiao Li Cao
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Systems ◽  
Information Security ◽  
Risk Analysis ◽  
Management Approach ◽  
Security Risk ◽  
System Risk ◽  
Information Security Risk ◽  
Security Risk Management

With the popularity of the Internet and global information continues to advance organizational information systems have become an important strategic resource for the survival of the importance of information security to protect its widespread concern. Once the information security organization information system is destroyed, the Organization for Security attribute information would cause tremendous impact the organization's business operation, the losses include not only economic, but also likely to organize image, reputation is a strategic competitive advantage even fatal injuries. However, the existing information systems of information security risk management approach to information system risk analysis and assessment with specific organizational environment and business background with fragmentation, lack of risk analysis and description of the formation process, carried only consider "technical" factors security decisions, lack of full expression to achieve the desired goal of a number of decisions on organizational decision-making. Therefore, the information system to carry information security risk management is essential.

Risk Analysis of ICT Assets

2019 ◽  
pp. 175-193
Author(s):  
Hamed H. Dadmarz
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Human Resources ◽  
Business Owners ◽  
Insurance Company ◽  
Security Risk ◽  
Business Goals ◽  
Top Managers ◽  
Information Security Risk ◽  
Information Assets

Risk analysis is required in all companies to help the business owners or top managers make decisions about risk management strategy, which itself provides an organization with a roadmap for information and information infrastructure protection aligned to business goals and the organization's risk profile. This chapter identifies information assets including network, electricity, hardware, service, software, and human resources in the ICT department of a health insurance company and their relevant risks. To determine the risks, the level of confidentiality, level of integrity, level of availability, the likelihood of threat occurrence, and intensity of vulnerability have been assessed and rated. Assessment is done based on the opinions of 30 experts in the field of information security. According to the results, the highest information security risk is on the network.

Information Security Risk in the E-Supply Chain

2007 ◽  
pp. 142-161
Author(s):  
W. Baker ◽  
G. Smith ◽  
K. Watson
Keyword(s):  
Information Technology ◽  
Supply Chain ◽  
Information Security ◽  
Security Threats ◽  
Information Flows ◽  
Security Risk ◽  
Supply Chain Risk ◽  
It Integration ◽  
Information Security Risk ◽  
Increase In Risk

Collaboration between supply chain partners, facilitated by integration of information flows, has created more efficient and effective networks. However, the benefits of interconnectivity are not gained without risk. Though essential to support collaboration, increased use of information technology has removed internal and external protective barriers around an organization’s assets and processes. Thus, supply chains are better able to satisfy the needs of customers while more vulnerable to an array of IT-specific risks. This chapter identifies the sources of IT threats in the supply chain, categorizes those threats, and validates them by means of a survey of 188 companies representing a range of supply chain functions. Analysis suggests that supply chain risk is affected by IT threats, and therefore the benefits of collaboration facilitated by IT integration must exceed the increase in risk due to IT security threats.

The Social Side of Security

2011 ◽  
pp. 140-150 ◽  
Author(s):  
Richard G. Taylor
Keyword(s):  
Social Issue ◽  
Information Systems ◽  
Information Security ◽  
New Technologies ◽  
Security Threats ◽  
Current Information ◽  
New Methods ◽  
The Social ◽  
Organizational Information ◽  
Social Side

The introduction of new technologies to accumulate large amounts of data has resulted in the need for new methods to secure organizational information. Current information security strategies tend to focus on a technology-based approach to securing information. However, this technology-based approach can leave an organization vulnerable to information security threats. Organizations must realize that information security is not necessarily a technology issue, but rather a social issue. Humans operate, maintain, and use information systems. Their actions, whether intentional or accidental, are the real threat to organizations. Information security strategies must be developed to address the social issue.

ISRAM: information security risk analysis method

2005 ◽  
Vol 24 (2) ◽  
pp. 147-159 ◽  
Author(s):  
Bilge Karabacak ◽  
Ibrahim Sogukpinar
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Analysis Method ◽  
Security Risk ◽  
Information Security Risk

scholarly journals Improving Information Security Risk Analysis Practices for Small- and Medium-Sized Enterprises: A Research

10.28945/3190 ◽  
2008 ◽  
Author(s):  
John Beachboard ◽  
Alma Cole ◽  
Mike Mellor ◽  
Steve Hernandez ◽  
Kregg Aytes ◽  
...  
Keyword(s):  
Information Security ◽  
Risk Analysis ◽  
Development Strategy ◽  
Security Risk ◽  
Decision Heuristics ◽  
Organizational Challenges ◽  
Probability Estimates ◽  
Open Development ◽  
Information Security Risk ◽  
Risk Assessment Methodology

Despite the availability of numerous methods and publications concerning the proper conduct of information security risk analyses, small and medium sized enterprises (SMEs) face serious organizational challenges managing the deployment and use of these tools and methods to assist them in selecting and implementing security safeguards to prevent IS security compromises. This paper builds a case for and then outlines a possible approach and a multi-faceted research agenda for developing an “open development” strategy to address recognized deficiencies in the area of risk analysis to include developing: a multi-level risk assessment methodology and set of decision heuristics designed to minimize the intellectual effort required to conduct SME infrastructure level risk assessments, a set of decision heuristics to assist in the quantification of organizational costs, financial as well as non-financial, a knowledge base of probability estimates associated with specified classes of threats for use in the application of the aforementioned methodology and automated tool(s) capable of supporting the execution of the aforementioned methodology and heuristics.

Sign in / Sign up

Export Citation Format

Share Document