A Comparative Analysis on Risk Assessment Information Security Models
نویسندگان
چکیده
This study equates a choice of methods that allow an organization to weigh their information security risk. The initial models went through two selection iterations before we end up with the final three Risks assessment models. The main purpose of the study is to compare and clarify the different activities, inputs and outputs required by each information security risk assessment models and also analyze which ones address information security risk effectively. The resulting information helps evaluating the models’ applicability to an organization and their specific needs. In order to verify and validate the conclusions taken from the theoretical study of the three final models, a practical experience was put into practice in a real organization.
منابع مشابه
Comparative Study of Information Security Risk Assessment Models for Cloud Computing systems
This paper reviews the state of the art in cyber security risk assessment of Cloud Computing systems. We select and examine in detail the quantitative security risk assessment models developed for or applied especially in the context of a Cloud Computing system. We review and then analyze existing models in terms of aim; the stages of risk management addressed; key risk management concepts cove...
متن کاملارائه الگویی برای ارزیابی ریسک آتشسوزیهای عمدی
Background & Objectives : It is not possible to live without using fire. However, fire could destruct human properties in a short time. One of the most important types of fire is intentional fire. This type of fire has become a great problem for insurance companies, fire departments, industries, government and business in the recent years. This study aimed to provide a framework for risk assess...
متن کاملMethods and Approaches to Investigating Information Risks by Means of Economic Cost Models
The article deals with legal documents in the field of information security, methods of the information risk assessment including economic cost models for identifying probabilistic parameters and structure of information risks and application of these models to the analysis of investments in information security projects. An adequate assessment of information risk and optimization of investment...
متن کاملIdentifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کاملA risk model for cloud processes
Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to lack of historical data on attacks, which has prevented frequency-based identification...
متن کامل