Collective information structure model for Information Security Risk Assessment (ISRA)

Purpose – Information security has become an essential entity for organizations across the globe to eliminate the possible risks in their organizations by conducting information security risk assessment (ISRA). However, the existence of numerous different types of risk assessment methods, standards, guidelines and specifications readily available causes the organizations to face the daunting tasks in determining the most suitable method that would augur well in meeting their needs. Therefore, to overcome this tedious process, this paper suggests collective information structure model for ISRA. Design/methodology/approach – The proposed ISRA model was developed by deploying a questionnaire using close-ended questions administrated to a group of information security practitioners in Malaysia (N 80). The purpose of the survey was to strengthen and addmore relevant additional features to the existing framework, as it was developed based on secondary data. Findings – Previous comparative and analyzed studies reveals that all the six types of ISRA methodologies have features of the same kind of informationwith a slight difference in form. Therefore, questionnaires were designed to insert additional features to the research framework. All the additional features chosen were based on high frequency of more than half percentage agreed responses from respondents. The analyses results inspire in generating a collective information structure model which more practical in the real environment of the workplace. The authors would like to thank University Tun Hussien Onn Malaysia (UTHM) for supporting this research. The authors would also like to thank SIRIM QAS, CyberSecurity and all the Information Security Practitioners for their support. The current issue and full text archive of this journal is available on Emerald Insight at: www.emeraldinsight.com/1328-7265.htm Collective information structure model