Abstract

The goal of this study lies in the construction and evaluation of a Bayesian index for measuring enterprises’ information security (IS) risk. By integrating IS experts’ judgments, we constructed a quantitative Bayesian index model for the assessment of enterprises’ IS risk. The risk assessment of enterprises’ IS makes enterprises aware of their IS risk and enables them to make better decisions to reduce that risk. Through the Delphi method and in-depth interviews with domain experts, the risk factors of IS were grouped into five categories with a total of 29 risk items. The first five key indicators are as follows: (i) top management support; (ii) the impediment and detection of the attack by worms, viruses and spyware programs; (iii) the protective measure and technique against the known hacker's attack; (iv) system access privilege control password, gold key management and (v) the IS equipment/software meets the requirement. Finally, the model was cross validated with enterprises that have implemented International Organization for Standardization/International Electro-technical Commission 27001. The study demonstrated that a subjective Bayesian model can be used to develop a reliable index for measuring IS risk, with potential for practical application in the management of the IS risk.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.