期刊名称:Issues in Informing Science and Information Technology
印刷版ISSN:1547-5840
电子版ISSN:1547-5867
出版年度:2008
卷号:5
页码:073-085
出版社:Informing Science Institute
摘要:Despite the availability of numerous methods and publications concerning the proper conduct of
information security risk analyses, small and medium sized enterprises (SMEs) face serious organizational
challenges managing the deployment and use of these tools and methods to assist
them in selecting and implementing security safeguards to prevent IS security compromises. This
paper builds a case for and then outlines a possible approach and a multi-faceted research agenda
for developing an “open development” strategy to address recognized deficiencies in the area of
risk analysis to include developing: a multi-level risk assessment methodology and set of decision
heuristics designed to minimize the intellectual effort required to conduct SME infrastructure
level risk assessments, a set of decision heuristics to assist in the quantification of organizational
costs, financial as well as non-financial, a knowledge base of probability estimates associated
with specified classes of threats for use in the application of the aforementioned methodology and
automated tool(s) capable of supporting the execution of the aforementioned methodology and
heuristics.
关键词:information security, information assurance, risk management, risk assessment, open
source, open content
