A Security Risk Analysis Model for Information Systems
نویسندگان
چکیده
Information security is a crucial technique for an organization to survive in these days. However, there is no integrated model to assess the security risk quantitatively and optimize its resources to protect organization information and assets effectively. In this paper, an integrated, quantitative risk analysis model is proposed including asset, threat and vulnerability evaluations by adapting software risk management techniques. It is expected to analyze security risk effectively and optimize resources to mitigate the risk.
منابع مشابه
Identifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کاملبهبود رتبه بندی مخاطرات امنیت اطلاعات با استفاده از مدل های تصمیم گیری چند شاخصه
One of the most important capabilities of information security management systems, which must be implemented in all organizations according to their requirements, is information security risk management. The application of information security risk management is so important that it can be named as the heart of information security management systems. Information security risk rating is conside...
متن کاملSystems Risk Analysis UsingHierarchical Modeling
A fresh look at the system analysis helped us in finding a new way of calculating the risks associated with the system. The author found that, due to the shortcomings of RPN, more researches needed to be done in this area to use RPNs as a new source of information for system risk analysis. It is the purpose of this article to investigate the fundamental concepts of failure modes and effects ana...
متن کاملDeveloping a Model Based on Geospatial Information Systems (GIS) and Adaptive Neuro-Fuzzy Inference Systems (ANFIS) for Providing the Spatial Distribution Map of Landslide Risk. Case Study: Alborz Province
Landslide is one of these natural hazards which causes a great amount of financial and human damage annually allover the world. Accordingly, identification of areas with landslide threat for implementation of preventive measures in order to confront against the instability of hillsides for reduction of potential threats and related risks is very important. In this research a new method for clas...
متن کاملExploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...
متن کاملExploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004