Dioubate, Balla Mousa and Abdul Molok, Nurul Nuha and Talib, Shuhaili and Md. Tap, Abu Osman (2015) Risk assessment model for organizational information security. ARPN Journal of Engineering and Applied Sciences, 10 (23). pp. 17607-17613. ISSN 1819-6608
Full text: PDF (Published Version, 308kB); PDF (SCOPUS record, Supplemental Material, 167kB).
Abstract
Information security risk assessment (RA) plays an important role in an organization's future strategic planning. Generally there are two types of RA approach: quantitative RA and qualitative RA. Quantitative RA is an objective study of risk that uses numerical data. Qualitative RA, on the other hand, is a subjective evaluation based on judgement and experience that does not operate on numerical data. A purely quantitative RA is difficult to conduct, because numerical data alone are hard to comprehend without a subjective explanation. Conversely, qualitative RA does not necessarily demand objectivity about the risks, although it is possible to conduct an RA that is purely qualitative in nature. If implemented in silos, the limitations of both methods may increase the likelihood of direct and indirect losses to an organization. This paper proposes a combined RA model, drawing on both quantitative and qualitative RA methods, for assessing information security risks. In order to interpret and apply the model, a prototype RA tool for information security risks will be developed. This prototype will be evaluated by information security risk management experts from industry, and their feedback will be used to improve the proposed RA model. The implementation of an appropriate model ensures a successful RA method and protects the organization from the natural and causal risks that relate to securing information assets.
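To make the abstract's distinction concrete, the following is an added example written for this page; it is not the authors' published model or their prototype, and the 1..5 ordinal scales, the annual-loss thresholds, the band cut points and the sample asset register are all assumptions. It computes the standard quantitative figures (single loss expectancy SLE = asset value x exposure factor, annual loss expectancy ALE = SLE x annualized rate of occurrence) next to a qualitative likelihood x impact rating, takes the higher of the two bands as the combined result, and flags assets where the two methods disagree by two or more bands, which is the "silo" failure the abstract warns about.

```python
"""Hybrid quantitative + qualitative risk scoring for information assets.

Illustrative code added for this page. Scales, thresholds and sample data
are assumptions, not values taken from the paper.
"""
from dataclasses import dataclass

# Assumed 1..5 ordinal scales used by the qualitative (expert-judgement) assessment.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

BANDS = ("low", "medium", "high", "critical")
# Assumed annual-loss thresholds (currency units per year) between the quantitative bands.
ALE_THRESHOLDS = (10_000.0, 100_000.0, 1_000_000.0)


@dataclass(frozen=True)
class Asset:
    name: str
    asset_value: float      # replacement / business value in currency units
    exposure_factor: float  # fraction of the value lost per incident, 0.0..1.0
    aro: float              # annualized rate of occurrence (incidents per year)
    likelihood: str         # expert's qualitative likelihood rating (key of LIKELIHOOD)
    impact: str             # expert's qualitative impact rating (key of IMPACT)


def single_loss_expectancy(asset: Asset) -> float:
    """SLE = asset value x exposure factor (standard quantitative RA formula)."""
    if not 0.0 <= asset.exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset.asset_value * asset.exposure_factor


def annual_loss_expectancy(asset: Asset) -> float:
    """ALE = SLE x ARO: expected monetary loss per year."""
    return single_loss_expectancy(asset) * asset.aro


def quantitative_band(ale: float) -> str:
    """Map an ALE onto the assumed low/medium/high/critical thresholds."""
    for band, limit in zip(BANDS, ALE_THRESHOLDS):
        if ale < limit:
            return band
    return BANDS[-1]


def qualitative_score(asset: Asset) -> int:
    """Likelihood x impact on the ordinal scales, giving a 1..25 matrix cell."""
    return LIKELIHOOD[asset.likelihood] * IMPACT[asset.impact]


def qualitative_band(score: int) -> str:
    """Assumed cut points for the 1..25 likelihood x impact matrix."""
    if score <= 4:
        return "low"
    if score <= 9:
        return "medium"
    if score <= 15:
        return "high"
    return "critical"


def hybrid_assessment(asset: Asset) -> dict:
    """Run both methods and combine them; flag assets where they disagree."""
    ale = annual_loss_expectancy(asset)
    score = qualitative_score(asset)
    q_band = quantitative_band(ale)
    s_band = qualitative_band(score)
    gap = abs(BANDS.index(q_band) - BANDS.index(s_band))
    return {
        "asset": asset.name,
        "sle": single_loss_expectancy(asset),
        "ale": ale,
        "quantitative_band": q_band,
        "qualitative_score": score,
        "qualitative_band": s_band,
        # Take the higher band so neither method can hide a risk the other sees.
        "combined_band": BANDS[max(BANDS.index(q_band), BANDS.index(s_band))],
        # Two or more bands apart: the numbers and the expert judgement tell
        # different stories, so send the asset back for review rather than trust either alone.
        "needs_review": gap >= 2,
    }


def rank_assets(assets) -> list:
    """Order assessments by combined band, then ALE, then qualitative score (descending)."""
    return sorted(
        (hybrid_assessment(a) for a in assets),
        key=lambda r: (BANDS.index(r["combined_band"]), r["ale"], r["qualitative_score"]),
        reverse=True,
    )


# Constructed sample register (made up for this example, not real data).
SAMPLE_ASSETS = [
    Asset("customer database", 2_000_000.0, 0.25, 0.1, "possible", "severe"),
    Asset("legacy file server", 50_000.0, 0.5, 2.0, "almost certain", "minor"),
    Asset("public website", 300_000.0, 0.1, 4.0, "likely", "negligible"),
    Asset("HR laptop", 5_000.0, 1.0, 0.5, "unlikely", "minor"),
]

if __name__ == "__main__":
    for r in rank_assets(SAMPLE_ASSETS):
        flag = "  <- REVIEW: methods disagree" if r["needs_review"] else ""
        print(f"{r['asset']:<20} ALE={r['ale']:>10,.0f} ({r['quantitative_band']:<8}) "
              f"qual={r['qualitative_score']:>2} ({r['qualitative_band']:<8}) "
              f"=> {r['combined_band']}{flag}")
```

In the sample register the public website gets a "high" quantitative band (frequent, cheap incidents add up to a large ALE) but a "low" qualitative band (each incident looks negligible to the assessor), so it is flagged for review; the customer database and file server land one band apart and are simply ranked by the higher band.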
| Field | Value |
|---|---|
| Item Type | Article (Journal) |
| Additional Information | 5341/47335 |
| Uncontrolled Keywords | Information Security Risk Assessment, Quantitative Risk Assessment, Qualitative Risk Assessment |
| Subjects | H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management; T Technology > T Technology (General) > T55.4 Industrial engineering. Management engineering. > T58.6 Management information systems |
| Kulliyyahs/Centres/Divisions/Institutes | Kulliyyah of Information and Communication Technology > Department of Information System; Kulliyyah of Information and Communication Technology |
| Depositing User | Dr. Nurul Nuha Abdul Molok |
| Date Deposited | 11 Jan 2016 08:03 |
| Last Modified | 17 Oct 2019 16:21 |
| URI | http://irep.iium.edu.my/id/eprint/47335 |