Abstract

The complexity of information security does not resume to mere technicality, transferring significant liability to proper management. Risk analysis in information security is a powerful tool that comes in handy for managers in making decisions about the implementation of efficient information management systems, in order to achieve the organization's mission.
 As a part of risk management, risk analysis is the systematic implementation of methods, techniques and management practices to assess the context, identify, analyze, evaluate, treat, monitor and communicate the risks for the information security and systems through which they are processed, stored or transmitted.
 The ISO/IEC 27005:2011 – Information security risk management, does not specify any particular method for managing the risks associated with information security, but a general approach. It is up to the organization to devise control objectives that would reflect specific approaches to risk management and the degree of assurance required.
 There are several models, methodologies and tools amongst which those like CRAMM (United Kingdom, Insight Consulting), Risicare/Mehari (France, Clusif), GSTool (Germany, ITGrundschutz). The theoretical model of the mentioned methodologies is hard to put in practice without experience required from the members of the risk analysis team. Using the appropriate risk assessment solution, an organization can devise its own security requirements.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
A code of practice for effective information security risk management using COBIT 5
Walid Al-Ahmad ... Basil Mohammed
-
Walid Al-Ahmad, et. al.Walid Al-Ahmad ... Basil Mohammed
01 Nov 2015
ПРОБЛЕМЫ УПРАВЛЕНИЯ РИСКАМИ В СФЕРЕ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ
Igor B Bakin ... Sofiya M Shvedova
RSUH/RGGU Bulletin. Series Information Science. Information Security. Mathematics | VOL. -
Igor B Bakin, et. al.Igor B Bakin ... Sofiya M Shvedova
01 Jan 2023
Security Risk Management Methodology for Distributed Ledger Systems
Anatoly P Durakovskiy ... Victor S Gorbatov
-
Anatoly P Durakovskiy, et. al.Anatoly P Durakovskiy ... Victor S Gorbatov
01 Jan 2021
RİSK MANAGEMENT IN İNFORMATİON EXCHANGE
Bakshali Bakhtiyarov, Vugar Mammadov Bakshali Bakhtiyarov, Vugar Mammadov
PAHTEI-Procedings of Azerbaijan High Technical Educational Institutions | VOL. 35
Bakshali Bakhtiyarov, Vugar Mammadov Bakshali Bakhtiyarov, Vugar MammadovBakshali Bakhtiyarov, Vugar Mammadov Bakshali Bakhtiyarov, Vugar Mammadov
08 Dec 2023
View more papers

More From: Central and Eastern European eDem and eGov Days

Paper Title
Journal
Date
Author
The power of virtuality as a challenge for governments: A post-state dystopia
Norbert Kis
Central and Eastern European eDem and eGov Days | VOL. 335
Norbert KisNorbert Kis
17 Mar 2022
Degree of eGovernment Development and Level of Informal Economy - A Nudge from the Covid-19 Pandemic?
Adriana Zait ... Ioana Alexandra Horodnic
Central and Eastern European eDem and eGov Days | VOL. 341
Adriana Zait, et. al.Adriana Zait ... Ioana Alexandra Horodnic
17 Mar 2022
Empirical Analysis
Alexander Prosser
Central and Eastern European eDem and eGov Days | VOL. 342
Alexander ProsserAlexander Prosser
17 Mar 2022
The new customisable electronic administration user interface in Hungary
Anna Orbán
Central and Eastern European eDem and eGov Days | VOL. 335
Anna OrbánAnna Orbán
17 Mar 2022
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.