The international standard of information security risk management (ISO/IEC 27005:2011(E)) adopts an iterative approach and risk assessment methodology of information security incident scenarios analyses, applying the principle of 80/20 to calculate, and therefore should be able to save cost and to increase its effectiveness. On such a basis, we propose a rigorous and systematic approach to add...

To protect information technology assets, effective risk management strategies need to be implemented. However, there is little empirical evidence on the factors that affect the successful undertaking of risk assessment. It is also not clearly known exactly how various factors affect the different stages of risk assessment and whether all factors are equally important across all stages. This re...

In modern day’s institutions, risk management plays a crucial role as it aims to minimize the likelihood of adverse events and contributes to improve the quality of services delivery. In health care, an effective risk management is only possible if supported by information systems that can produce high quality measures and meaningful risk indicators. These indicators will then allow the healthc...

The reclaimed utilization of urban wastewater is an indispensable way for solving the crisis of urban water resource. In order to meet the needs of reclaimed water pollution control,the risk assessment model for reclaimed water utilization in basin are established. GIS was employed to derive all the data and evaluate model in order to get spatial variance and distribution of the risk levels on ...

This material is brought to you by the Journals at AIS Electronic Library (AISeL). It has been accepted for inclusion in Communications of the Association for Information Systems by an authorized administrator of AIS Electronic Library (AISeL). For more information, please contact [email protected]. As companies are increasingly exposed to information security threats, decision makers are per...

An effective information security culture is vital to the success of information systems governance, risk management and compliance. Small and medium size enterprises (SMEs) face special challenges developing an information security culture as they may lack the information security knowledge, skills and behaviours of large organisations. This paper reports the main findings from an interpretive...

Statistical database protection is a part of information security which tries to prevent published statistical information (tables, individual records) from disclosing the contribution of specific respondents. This paper shows how to use information-theoretic concepts to measure disclosure risk for tabular data. The proposed disclosure risk measure is compatible with a broad class of disclosure...

This study develops an alternative methodology for the risk analysis of information systems security (ISS). an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a rigorous, structured manner to incorporate relevant ISS risk factors, related countermeasures, an...