Approaches for Information Security Modeling

Introduction: In this era of globalisation, organizations heavily depend on IT to facilitate their business operations. IT provides with numerous opportunities and improved efficiency for many modern day organizations. It also comes with its own set of security risks. The ever changing risk context of an organization, collaboration with other organizations, ecommerce clearly insists upon an effective Information Security system. In this knowledge driven economy information is a critical asset to an organization. Considering the fact that information has been a critical asset for any organization or a business enterprise, Information Security has been less about being a technical aspect for the business and more important for the sustainability of the business. The exact role of Information Security is still not clearly defined in many organizations, while some still view Information Security as a cost centre, it has been shown that effectively managed Information Security organizations can be instrumental in helping an enterprise meet its business goals by improving efficiency. This paper is a survey of few recent security models to provide for Information Security modelling. The first section describes the security model requirements and the issues related with the concept. It is followed by the section describing the process of risk assessment and the key factors associated with it. The last section answers for the complete management of the risk.