A Conceptual Model for Information Security Risk Considering Business Process Perspective

Hariyanti, Eva; Djunaidy, Arif; Siahaan, Daniel

doi:10.1109/icstc.2018.8528678

Cited by 10 publications

(8 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Seven articles focus on information security risk analysis in government, three on educational institutions, one on civil engineering companies, one on e-commerce in particular, two on cloud computing, and the others on information systems in general. [11], [13], [15], [18], [21], [24], [25], [26], [27], [30], [35] 11 Government [14], [19], [23], [28], [29], [32], [34] 7 Education Institution [16], [20], […”

Section: Bmentioning

confidence: 99%

“…Risk Analysis Method Risk assessment appraisal techniques were further grouped into quantitative, qualitative, and hybrid types [16]. The quantitative method is an analysis that provides a value to assets and the costs of realized risks using a statistical method [36].…”

Section: Dmentioning

confidence: 99%

“…There is one study that compares quantitative and qualitative methods [11]. [11], [15], [18], [20], [21], [25], [28], [31], [32] 9 Quantitative [11], [13], [16], [17], [22], [26], [27], [35] 8 Hybrid [12], [14], [19], [23], [24], [29], [30], [33], [34] 9…”

Section: Dmentioning

confidence: 99%

See 2 more Smart Citations

Information Security Risk Assessment (ISRA): A Systematic Literature Review

Devi

Sensuse

Kautsarina

et al. 2022

J. Inf. Syst. Eng. Bus. Intell.

View full text Add to dashboard Cite

Background: Information security is essential for organisations, hence the risk assessment. Information security risk assessment (ISRA) identifies, assesses, and prioritizes risks according to organisational goals. Previous studies have analysed and discussed information security risk assessment. Therefore, it is necessary to understand the models more systematically. Objective: This study aims to determine types of ISRA and fill a gap in literature review research by categorizing existing frameworks, models, and methods. Methods: The systematic literature review (SLR) approach developed by Kitchenham is applied in this research. A total of 25 studies were selected, classified, and analysed according to defined criteria. Results: Most selected studies focus on implementing and developing new models for risk assessment. In addition, most are related to information systems in general. Conclusion: The findings show that there is no single best framework or model because the best framework needs to be tailored according to organisational goals. Previous researchers have developed several new ISRA models, but empirical evaluation research is needed. Future research needs to develop more robust models for risk assessments for cloud computing systems. Keywords: Information Security Risk Assessment, ISRA, Security Risk

show abstract

Section: Bmentioning

confidence: 99%

Section: Dmentioning

confidence: 99%

See 1 more Smart Citation

Information Security Risk Assessment (ISRA): A Systematic Literature Review

Devi

Sensuse

Kautsarina

et al. 2022

J. Inf. Syst. Eng. Bus. Intell.

View full text Add to dashboard Cite

show abstract

“…The Importance Of Identification Risk in Business Process Hariyanti et al (2018) agreed that organization needs to define the scope and context of risk management especially the aspect that changes dynamically such as business process. There is no business without risk; however, it plays a significant role in business in minimizing or eliminating whatever point conceivable as to prevent losses.…”

Section: Determining Risk In Business Processmentioning

confidence: 99%

A Study On Risks Involved In Using Different Business Process Tools And Techniques To Manage Them

Rahman¹,

Rahman²,

Rosneddin³

et al. 2021

JUSST

View full text Add to dashboard Cite

This paper shows the outcome of the research conducted on risks while using business process tools and techniques applied to manage them. The study aims at getting answers for basic questions about risk management, such as what kind of risks the the businesses are encountering, and how to identify the risks and assess them. Risk assessments are very important as they form an integral part of plan management. Therefore, in this study, the aim is to evaluate the risks in different business processes along with the tools and techniques to manage or minimize the level of risks by adding more control measures as necessary.

show abstract

“…Belov et al [16] proposed a risk value calculation of the business completion rate by studying the situation of the business resource completion rate and quantitatively assessed the business system risk. Hariyanti et al [17] proposed a new information security risk assessment model based on the business process to improve the model based on the organization's assets. Silmie et al [18] proposed a business continuity plan framework, which is a procedural guidance to create plans that prevent, prepare, respond, manage, and recover a business from any disruption.…”

Section: Introductionmentioning

confidence: 99%

A Key Business Node Identification Model for Internet of Things Security

Xie

Yang

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

Based on the research of business continuity and information security of the Internet of Things (IoT), a key business node identification model for the Internet of Things security is proposed. First, the business nodes are obtained based on the business process, and the importance decision matrix of business nodes is constructed by quantifying the evaluation attributes of nodes. Second, the attribute weights are improved by the analytic hierarchy process (AHP) and entropy weighting method from subjective and objective dimensions to form the combination weight decision matrix, and the analytic hierarchy process and entropy weighting VIKOR (AE-VIKOR) method are used to calculate the business node importance coefficient to identify the key nodes. Finally, according to the NSL-KDD dataset, the network security events of IoT network intrusion detection based on machine learning are monitored purposefully, and after the information security event occurs in the smart mobile phone, which impacts through IoT on the business system, the impact of the key business node on business continuity is analyzed, and the business continuity risk value is calculated to evaluate the business risk to prove the effectiveness of the model. The experimental results of the civil aviation departure business show that the AE-VIKOR method can effectively identify key business node, and the impact of the key business node on business continuity is analyzed, which further proves the efficiency and accuracy of the model in identifying the key business node.

show abstract

A Conceptual Model for Information Security Risk Considering Business Process Perspective

Cited by 10 publications

References 27 publications

Information Security Risk Assessment (ISRA): A Systematic Literature Review

Information Security Risk Assessment (ISRA): A Systematic Literature Review

A Study On Risks Involved In Using Different Business Process Tools And Techniques To Manage Them

A Key Business Node Identification Model for Internet of Things Security

Contact Info

Product

Resources

About