Information Security Risk Assessment

Encyclopedia, 2021, Vol 1 (3), pp. 602-617
Author(s): Ievgeniia Kuzminykh, Bogdan Ghita, Volodymyr Sokolov, Taimur Bakhshi

Information security risk assessment is an important part of enterprises’ management practices that helps to identify, quantify, and prioritize risks against criteria for risk acceptance and objectives relevant to the organization. Risk management refers to a process consisting of the identification, management, and elimination or reduction of the likelihood of events that can negatively affect the resources of the information system. Its aim is to reduce security risks that could affect the information system, subject to an acceptable cost of protection means; it comprises risk analysis, analysis of the “cost-effectiveness” parameter, the selection, construction, and testing of the security subsystem, and the study of all aspects of security.

2014, Vol 10 (2), pp. 13-27
Author(s): Ali Mohammad Padyab, Tero Päivärinta, Dan Harnesk

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based approach to information security risk assessment in order to orient toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying the organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.


2014, Vol 496-500, pp. 2170-2173
Author(s): Zhen Lu, Zhen Xiong, Ke Qin Tu

Security management of an information system is one of the important components of system engineering management, and security risk assessment in particular lies at its core. Risk assessment of an information system helps analyze system safety and identify potential risks. Building a risk model of information safety can provide the necessary guidance for the design and implementation of a security strategy. This article studies the assessment model and method of information security risk.


2014, Vol 15 (6), pp. 527-532
Author(s): Zhang Jianye, Zeng Qinshun, Song Yiyang, Li Cunbin

To assess and prevent smart grid information security risks more effectively, this paper provides a quantitative risk index calculation method based on an absorbing Markov chain, overcoming the deficiencies that links between system components were not taken into consideration and that studies were mostly limited to static evaluation. The method avoids the shortcomings of the traditional Expert Score, which carries significant subjective factors, and also considers the links between information system components, which makes the risk index system closer to reality. Then, a smart grid information security risk assessment model based on set pair analysis improved by a Markov chain was established. Using the identity, discrepancy, and contradiction of the connection degree to dynamically reflect the trend of smart grid information security risk, and combining this with the Markov chain to calculate the connection degree of the next period, the model implements smart grid information security risk assessment comprehensively and dynamically. Finally, this paper shows that the established model is scientific, effective, and feasible for dynamically evaluating smart grid information security risks.


2010, Vol 29-32, pp. 2157-2163
Author(s): Ren Liu, Dong Xiao Niu

As information technology is widely used in the electric power field, security risks penetrate all aspects of electricity production and operation; meanwhile, the complexity of electric power information systems makes it very difficult to guard against security risks. Information security risk assessment is the foundation and precondition of information system security. In this paper, drawing on long-term power information security supervision practice, we give a multi-hierarchy and multi-attribute index system for information security risk evaluation, and point out that these indexes are grey, fuzzy, and difficult to quantify. Then, the analytic hierarchy process (AHP) and grey system theory are introduced to set up a comprehensive evaluation model, and we obtain the final score by fusing the information of different experts. Additionally, an application example is used to illustrate the availability of the proposed evaluation method. The result shows that grey evaluation, which combines the advantages of qualitative and quantitative methods, can be applied to the risk evaluation of information systems more accurately and scientifically. Meanwhile, the evaluation results can help supervisors judge what needs improvement.


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Ana Faizi, Ali Padyab, Andreas Naess

Purpose: This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.
Design/methodology/approach: Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.
Findings: The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.
Originality/value: As opposed to previous research, which was more inclined to try out and evaluate various cloud ISRA methods, the study provides insights into the practice of cloud ISRA as experienced by the organizations. This study represents the first attempt to investigate the cloud ISRA that organizations practice in managing their information security.



2011, Vol 130-134, pp. 3726-3730
Author(s): Ya Ling Yang, Yan Hui Zhou

Risk assessment for information security is uncertain. Controlling these uncertainties is of great significance for effective risk assessment [1]. There are many assessment methods, and the conclusions drawn from them are less clear. This paper presents a fuzzy logic based information security risk assessment method, FLISRAM. In this method, the results come from a comprehensive assessment of the assets, threats, and vulnerabilities of the information system.
