2014
DOI: 10.4236/jis.2014.54016

A Conceptual Framework for Threat Assessment Based on Organization’s Information Security Policy

Abstract: The security breaches of sensitive information have remained difficult to solve due to increased malware programs and unauthorized access to data stored in critical assets. As risk appetite differ from one organization to another, it prompts the threat analysis tools be integrated with organization's information security policy so as to ensure security controls at local settings. However, it has been noted that the current tools for threat assessment processes have not encompassed information security policy f…

Cited by 14 publications (10 citation statements)
References 9 publications

“…However, the controls defined by the organisation's information security policy were used in order to maintain their existing policy structure. After this technical alignment, the data collected [2] during assessment of security awareness and maturity levels were used as pilot data for testing the experimental prototype while on development stage.…”
Section: Prototype Experimentation and Results (mentioning)
confidence: 99%
“…The generated radar and line graphs for assessing inside threats and security awareness and maturity level in public organization have provided practical approach for improving the internal security strategies for preserving confidentiality, integrity and availability as core services in security management. During prototype testing, we selected one organization from five organizations U, V, W, Y and Z which participated in the previous study [2]. The graphs generated for visual demonstration have provided evidence that, the policies can be automated to support security management based on pre-defined set of rules.…”
Section: Results (mentioning)
confidence: 99%
“…The results from cross-case analysis also indicate that risk assessment was the key element that could determine the comprehension of the security policy's contents. Currently, there are various tools available for security threat assessment such as Common Criteria, OCTAVE, CORAS and CySeMoL [52]. However, even though there are numerous tools and techniques that can facilitate the identification and analysis of risks, it is recommended that a multidisciplinary workshop discussion be included in the threat analysis [18].…”
Section: ) Development Phase (mentioning)
confidence: 99%