期刊名称:Journal of Information and Organizational Sciences
印刷版ISSN:1846-3312
电子版ISSN:1846-9418
出版年度:2007
卷号:31
期号:1
页码:51-61
出版社:Faculty of Organization and Informatics University of Zagreb
摘要:Information systems are exposed to different types of security risks. Theconsequences of information systems security (ISS) breaches can vary from e.g. damaging the data base integrity to physical "destruction" of entire information system facilities, and can result with minor disruptions in less important segments of information systems, or with significant interruptions in information systems functionality. The sources of security risks are different, and can origin from inside or outside of information system facility, and can be intentional or unintentional. The precise calculation of loses caused by such incidents is often not possible because a number of small scale ISS incidents are never detected, or detected with a significant time delay, a part of incidents are interpreted as an accidental mistakes, and all that results with an underestimation of ISS risks. This paper addresses the different types and criteria of information system security risks (threats) classification and gives an overview of most common classifications used in literature and in practice. We define a common set of criteria that can be used for information system security threats classification, which will enable the comparison and evaluation of different security threats from different security threats classifications.
关键词:information system security; ISS; security risk; threat; classification; criteria