Journal title: International Journal of Innovative Research in Science, Engineering and Technology
Print ISSN: 2347-6710
Electronic ISSN: 2319-8753
Year of publication: 2014
Volume: 3
Issue: 10
Page: 16988
DOI: 10.15680/IJIRSET.2014.0310081
Publisher: S&S Publications
Abstract: Information security risk assessment has gained importance as organisations' dependence on information has grown on the one hand while the threat environment has become complex on the other hand. Traditional risk assessments are subjective and have proven to be inadequate in addressing the growing complexity of identifying, analyzing and evaluating risks in recent times. Risk-related decisions are invariably based upon scores derived from rudimentary aggregation of qualitative ratings. A study of risk assessment practices over the last two decades revealed that effort has been made to make risk assessments as quantitative as possible. Literature review revealed rich potential for adaptations of risk assessment methods from other mature fields, namely medicine and finance. The study proposes research and innovation requirement towards a new information security risk assessment model. This new approach should have a scientific foundation to assess and evaluate risks which should improve information security risk assessment approach by assessing risks in a more objective manner while giving due consideration to appropriate measurement unit for each specific risk area; while taking into consideration interdependence among different risk areas. This paper lays a sound foundation for advanced innovation in the field of information risks.
Keywords: Information Risks; Challenges; Information Security Risk Assessment; Qualitative; Quantitative