期刊名称:Journal of Information and Organizational Sciences
印刷版ISSN:1846-3312
电子版ISSN:1846-9418
出版年度:2006
卷号:30
期号:2
页码:263-278
出版社:Faculty of Organization and Informatics University of Zagreb
摘要:The actual problem of information security (infosec) risk assessment is determining the value of information property or asset. This is particularly manifested through the use of quantitative methodology in which it is necessary to state the information value in quantitative sizes. The aim of this paper is to describe the evaluation possibilities of business information values, and the criteria needed for determining importance of information. For this purpose, the dimensions of information values will be determined and the ways used to present the importance of information contents will be studied. There are two basic approaches that can be used in evaluation: qualitative and quantitative. Often they are combined to determine forms of information content. The proposed criterion is the three-dimension model, which combines the existing experiences (i.e. possible solutions for information value assessment) with our own criteria. An attempt for structuring information value in a business environment will be made as well
关键词:information value; security risk assessment; information evaluation
