A conceptual framework of info structure for information security risk assessment (ISRA)

Shamala, Palaniappan and Ahmad, Rabiah and Yusoff, Mariana (2013) A conceptual framework of info structure for information security risk assessment (ISRA). Journal Of Information Security And Applications, 18. pp. 45-52.

Text
J4184_fecbfe8dd3d86e47930e20d1eb443870.pdf
Restricted to Registered users only
Download (724kB) | Request a copy

Official URL: http://dx.doi.org/10.1016/j.jisa.2013.07.002

Abstract

Information security has become a vital entity to most organizations today due to current trends in information transfer through a borderless and vulnerable world. The concern and interest in information security is mainly due to the fact that information security risk assessment (ISRA) is a vital method to not only to identify and prioritize information assets but also to identify and monitor the specific threats that an organization induces; especially the chances of these threats occurring and their impact on the respective businesses. However, organizations wanting to conduct risk assessment may face problems in selecting suitable methods that would augur well in meeting their needs. This is due to the existence of numerous methodologies that are readily available. However, there is a lack in agreed reference benchmarking as well as in the comparative framework for evaluating these ISRA methods to access the information security risk. Generally, organizations will choose the most appropriate ISRA method by carrying out a comparative study between the available methodologies in detail before a suitable method is selected to conduct the risk assessment. This paper suggests a conceptual framework of info-structure for ISRA that was developed by comparing and analysing six methodologies which are currently available. The info�structure for ISRA aims to assist organizations in getting a general view of ISRA flow, gath�ering information on the requirements to be met before risk assessment can be conducted successfully. This info-structure can be conveniently used by organizations to complete all the required planning as well as the selection of suitable methods to complete the ISRA.

Item Type:	Article
Uncontrolled Keywords:	Info-structure; Information security; Information security risk; assessment (ISRA); Risk assessment; Methodologies; Conceptual framework.
Subjects:	T Technology > T Technology (General)
Depositing User:	Mr. Abdul Rahim Mat Radzuan
Date Deposited:	06 Dec 2022 02:58
Last Modified:	06 Dec 2022 02:58
URI:	http://eprints.uthm.edu.my/id/eprint/8090

Actions (login required)

View Item