ISRAM: information security risk analysis method (original) (raw)
2005, Computers & Security
Continuously changing nature of technological environment has been enforcing to revise the process of information security risk analysis accordingly. A number of quantitative and qualitative risk analysis methods have been proposed by researchers and vendors. The purpose of these methods is to analyze today's information security risks properly. Some of these methods are supported by a software package. In this study, a survey based quantitative approach is proposed to analyze security risks of information technologies by taking current necessities into consideration. The new method is named as Information Security Risk Analysis Method (ISRAM). Case study has shown that ISRAM yields consistent results in a reasonable time period by allowing the participation of the manager and staff of the organization. ยช 54 are taking over this responsibility from the head of 55 IT department (Owens, 1998). Thus, managers of 56 organizations should understand the risk analysis 57 process that directly affects the protection of 58 information technologies. Moreover, managers 59 may desire to participate in risk analysis process. 60 The structure of new risk analysis methods allows 61 the participation of managers (In this study, a new method named Information 66 Security Risk Analysis Method (ISRAM) is proposed 67 for information security risk analysis by taking 68 today's needs into account. ISRAM is designed for 69 analyzing the risks at complex information systems 70 by allowing the participation of managers and 71 staff. Proposed method consists of seven steps. 72 These steps are exemplified in a case study in 73 order to explain ISRAM clearly. To verify the results 74 of the same case study, a risk model is set up with 75 Arena simulation software. The collected real-life 76 statistical data are introduced into the risk model. 77
Sign up for access to the world's latest research.
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.