Evaluation of information security risks using hybrid assessment model

An enterprise is characterized by its business processes and supporting ICT infrastructure. Securing these entities is of utmost importance for the survival of an enterprise and continuity of its business operations. In order to secure them, it is important to first detect the risks that can be realized to cause harm to those entities. Over the years, several kinds of security risk analysis methodologies have been proposed. They cater to different categories of enterprise entities and consider varying levels of detail during risk analysis. An enterprise often finds it difficult to select a particular method that will best suit its purpose. This paper attempts to address this problem by presenting a detailed study of existing risk analysis methodologies. The study classifies them into specific categories and performs comparative analyses considering different parameters addressed by the methodologies, including asset type, vulnerabilities, threats, and security controls.

show abstract

An Analytical Study of Methodologies and Tools for Enterprise Information Security Risk Management

Bhattacharjee

¹

,

Sengupta

²

,

Barik

³

et al.

Global Business Expansion

View full text Add to dashboard Cite

An enterprise is characterized by its business processes and supporting ICT infrastructure. Securing these entities is of utmost importance for the survival of an enterprise and continuity of its business operations. In order to secure them, it is important to first detect the risks that can be realized to cause harm to those entities. Over the years, several kinds of security risk analysis methodologies have been proposed. They cater to different categories of enterprise entities and consider varying levels of detail during risk analysis. An enterprise often finds it difficult to select a particular method that will best suit its purpose. This paper attempts to address this problem by presenting a detailed study of existing risk analysis methodologies. The study classifies them into specific categories and performs comparative analyses considering different parameters addressed by the methodologies, including asset type, vulnerabilities, threats, and security controls.

show abstract

Evaluation of information security risks using hybrid assessment model

Cited by 3 publications

References 1 publication

Information security risk in SMEs: A hybrid model compatible with IFRS: Evaluation in two Ecuadorian SMEs of automotive sector

Information security risk in SMEs: A hybrid model compatible with IFRS: Evaluation in two Ecuadorian SMEs of automotive sector

An Analytical Study of Methodologies and Tools for Enterprise Information Security Risk Management

An Analytical Study of Methodologies and Tools for Enterprise Information Security Risk Management

Contact Info

Product

Resources

About