• Corpus ID: 54964800

RISK ASSESSMENT MODEL FOR ORGANIZATIONAL INFORMATION SECURITY Balla

@inproceedings{Dioubate2015RISKAM,
  title={RISK ASSESSMENT MODEL FOR ORGANIZATIONAL INFORMATION SECURITY Balla},
  author={Moussa Dioubate and Nurul Nuha Abdul Molok and Shuhaili Talib and Abu Osman Md. Tap},
  year={2015}
}
Information security risk assessment (RA) plays an important role in the organization’s future strategic planning. Generally there are two types of RA approaches: quantitative RA and qualitative RA. The quantitative RA is an objective study of the risk that uses numerical data. On the other hand, the qualitative RA is a subjective evaluation based on judgment and experiences which does not operate on numerical data. It is difficult to conduct a purely quantitative RA method, because of the…

References

SHOWING 1-10 OF 19 REFERENCES
A Quantitative Model for Information-Security Risk Management
TLDR
The proposed model for managing information-security risks is based on a quantitative analysis of the security risks that enable organizations to introduce optimum security solutions and is designed as a standard procedure to lead the organization from the initial selection of input data to the final recommendations for the selection of the appropriate solutions.
Information Security Risk Assessment: Towards a Business Practice Perspective
TLDR
It is suggested that a business practice perspective be incorporated into ISRA methods in order to identify information leakage, unofficial, critical information assets and critical process knowledge of organisations.
Information risk management: Qualitative or quantitative? Cross industry lessons from medical and financial fields
Enterprises across the world are taking a hard look at their risk management practices. A number of qualitative and quantitative models and approaches are employed by risk practitioners to keep risk
Quantitative Model for Economic Analyses of Information Security Investment in an Enterprise Information System
TLDR
A mathematical model is presented for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise that allows direct comparison and quantitative assessment of different security measures.
Information Security Risk Analysis Methods and Research Trends: AHP and Fuzzy Comprehensive Method
TLDR
Development and application of soft computing such as rough sets, grey sets, fuzzy systems, generic algorithm, support vector machine, and Bayesian network and hybrid model are developed.
Risk assessment in ERP projects
A Model-based Information Security Risk Assessment Method for Science Gateways
TLDR
A novel method to do risk assessments: MISRAM, the Model-based Information Security Risk Assessment Method, which uses an information architecture model, a method to assign values to information assets and IT components, and a method to calculate risks.
QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security
TLDR
A quantitative risk and impact assessment framework (QUIRC) is presented, which enables stakeholders to comparatively assess the relative robustness of different cloud vendor offerings and approaches in a defensible manner.
RISK MANAGEMENT AND INFORMATION TECHNOLOGY PROJECTS
TLDR
The main focus of this paper is to investigate the impacts of Knowledge Management (KM) on Risk Management (RM) in IT project implementation process.
The Quantification Management of Information Security Risk
  • Guoling Lao, Liping Wang
  • Computer Science
    2008 4th International Conference on Wireless Communications, Networking and Mobile Computing
  • 2008
TLDR
This article quantifies the risk from the angle of view of financial risk and refers to the mature quantitative models and methods that will promote the development of information security risk management as well as integration with other financial risks.