IIUM Repository

Risk assessment model for organizational information security

Dioubate, Balla Mousa and Abdul Molok, Nurul Nuha and Talib, Shuhaili and Md. Tap, Abu Osman (2015) Risk assessment model for organizational information security. ARPN Journal of Engineering and Applied Sciences, 10 (23). pp. 17607-17613. ISSN 1819-6608

PDF - Published Version
Download (308kB) | Preview
PDF (SCOPUS) - Supplemental Material
Download (167kB) | Preview


Information security risk assessment (RA) plays an important role in the organization’s future strategic planning. Generally there are two types of RA approaches: quantitative RA and qualitative RA. The quantitative RA is an objective study of the risk that use numerical data. On the other hand, the qualitative RA is a subjective evaluation based on judgment and experiences which does not operate on numerical data. It is difficult to conduct a purely quantitative RA method, because of the difficulty to comprehend numerical data alone without a subjective explanation. However, the qualitative RA does not necessarily demand the objectivity of the risks, although it is possible to conduct RA that is purely qualitative in nature. If implemented in silos, the limitations of both quantitative and qualitative methods may increase the likelihood of direct and indirect losses of an organization. This paper suggests a combined RA model from both quantitative and qualitative RA methods to be used for assessing information security risks. In order to interpret and apply the model, a prototype of RA for information security risks will be developed. This prototype will be evaluated by information security risk management experts from the industry. Feedback from the experts will be used to improve the proposed RA model. The implementation of an appropriate model ensures a successful RA method and prevent the organization from the natural and causal risks that are related to securing information assets.

Item Type: Article (Journal)
Additional Information: 5341/47335
Uncontrolled Keywords: Information Security Risk Assessment, Quantitative Risk Assessment, Qualitative Risk Assessment
Subjects: H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management
T Technology > T Technology (General) > T55.4 Industrial engineering.Management engineering. > T58.6 Management information systems
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button): Kulliyyah of Information and Communication Technology > Department of Information System
Kulliyyah of Information and Communication Technology > Department of Information System

Kulliyyah of Information and Communication Technology
Kulliyyah of Information and Communication Technology
Depositing User: Dr. Nurul Nuha Abdul Molok
Date Deposited: 11 Jan 2016 08:03
Last Modified: 17 Oct 2019 16:21
URI: http://irep.iium.edu.my/id/eprint/47335

Actions (login required)

View Item View Item


Downloads per month over past year