A new comprehensive framework for enterprise information security risk management

“…Saleh & Alfantookh (Saleh and Alfantookh, 2011) concur in opinion. However, the main goal of all the ISRA is to reduce, mitigate, transfer or accept risks to an acceptable level by prioritizing and estimating the risk value (Saleh and Alfantookh, 2011;Straub and Welke, 1998). Hence, it can be concluded that any organization, regardless of their size, they have to ensure that the details for the activity listed below are gathered accurately: a.…”

“…Nowadays, there are a number of different types of risk assessment process, frameworks and methodologies in information security literature (Saleh and Alfantookh, 2011). Table 1 illustrates the list of ISRA methodologies issued by organizations.…”

“…However, the main problem in risk assessment is how to assess all risks so that by using the output of the risk assessment, these organizations could define appropriate controls for reducing or eliminating those risks (Syalim et al, 2009). Nowadays, there are a number of different types of risk assessment methods, standards, guidelines and specifications that are available; some of which are qualitative while others are more quantitative in nature (Saleh and Alfantookh, 2011;Eloff, 2003). Each of these methods has been developed to meet a particular need and hence has different objectives, steps, structure and level of application.…”

“…In addition, there is no standardized and trustable ISRA methods currently in existence (Syalim et al, 2009;Spears, 2006;Eloff and Eloff, 2005). There is also no agreed reference benchmark or comparative framework for evaluating these ISRA methods to assess the information security risk (Syalim et al, 2009;Saleh and Alfantookh, 2011;Vorster and Labuschagne, 2005).…”

“…In addition, current studies highlight that in order to protect information assets, organizations need to make comparisons between methodologies and decide on the best (Saleh and Alfantookh, 2011;Vorster and Labuschagne, 2005). This tedious process leads to unwarranted time, money and energy consumption.…”

A conceptual framework of info structure for information security risk assessment (ISRA)

“…Saleh & Alfantookh (Saleh and Alfantookh, 2011) concur in opinion. However, the main goal of all the ISRA is to reduce, mitigate, transfer or accept risks to an acceptable level by prioritizing and estimating the risk value (Saleh and Alfantookh, 2011;Straub and Welke, 1998). Hence, it can be concluded that any organization, regardless of their size, they have to ensure that the details for the activity listed below are gathered accurately: a.…”

“…Nowadays, there are a number of different types of risk assessment process, frameworks and methodologies in information security literature (Saleh and Alfantookh, 2011). Table 1 illustrates the list of ISRA methodologies issued by organizations.…”

“…However, the main problem in risk assessment is how to assess all risks so that by using the output of the risk assessment, these organizations could define appropriate controls for reducing or eliminating those risks (Syalim et al, 2009). Nowadays, there are a number of different types of risk assessment methods, standards, guidelines and specifications that are available; some of which are qualitative while others are more quantitative in nature (Saleh and Alfantookh, 2011;Eloff, 2003). Each of these methods has been developed to meet a particular need and hence has different objectives, steps, structure and level of application.…”

“…In addition, there is no standardized and trustable ISRA methods currently in existence (Syalim et al, 2009;Spears, 2006;Eloff and Eloff, 2005). There is also no agreed reference benchmark or comparative framework for evaluating these ISRA methods to assess the information security risk (Syalim et al, 2009;Saleh and Alfantookh, 2011;Vorster and Labuschagne, 2005).…”

“…In addition, current studies highlight that in order to protect information assets, organizations need to make comparisons between methodologies and decide on the best (Saleh and Alfantookh, 2011;Vorster and Labuschagne, 2005). This tedious process leads to unwarranted time, money and energy consumption.…”

A conceptual framework of info structure for information security risk assessment (ISRA)

A New Model for Information Security Risk Management

Internet of Things Adoption Challenges in Enterprise Asset Management Organisations