UTHM Institutional Repository

A conceptual framework of info structure for information security risk assessment (ISRA)

Palaniappan, Shamala and Ahmad, Rabiah and Yusoff, Mariana (2013) A conceptual framework of info structure for information security risk assessment (ISRA). Journal of information security and applications, 18. pp. 45-52. ISSN 22142126

[img] PDF

Download (724kB)


Information security has become a vital entity to most organizations today due to current trends in information transfer through a borderless and vulnerable world. The concern and interest in information security is mainly due to the fact that information security risk assessment (ISRA) is a vital method to not only to identify and prioritize information assets but also to identify and monitor the specific threats that an organization induces; especially the chances of these threats occurring and their impact on the respective businesses. However, organizations wanting to conduct risk assessment may face problems in selecting suitable methods that would augur well in meeting their needs. This is due to the existence of numerous methodologies that are readily available. However, there is a lack in agreed reference benchmarking as well as in the comparative framework for evaluating these ISRA methods to access the information security risk. Generally, organizations will choose the most appropriate ISRA method by carrying out a comparative study between the available methodologies in detail before a suitable method is selected to conduct the risk assessment. This paper suggests a conceptual framework of info-structure for ISRA that was developed by comparing and analysing six methodologies which are currently available. The infostructure for ISRA aims to assist organizations in getting a general view of ISRA flow, gathering information on the requirements to be met before risk assessment can be conducted successfully. This info-structure can be conveniently used by organizations to complete all the required planning as well as the selection of suitable methods to complete the ISRA.

Item Type: Article
Uncontrolled Keywords: Info-structure; information security; information security risk assessment (ISRA); risk assessment; methodologies; conceptual framework
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: Faculty of Computer Science and Information Technology > Department of Information Security
Depositing User: Mr. Mohammad Shaifulrip Ithnin
Date Deposited: 13 Aug 2018 03:37
Last Modified: 13 Aug 2018 03:37
URI: http://eprints.uthm.edu.my/id/eprint/9417
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item


Downloads per month over past year