Collective information structure model for Information Security Risk Assessment (ISRA)
Purpose – Information security has become an essential entity for organizations across the globe to eliminate the possible risks in their organizations by conducting information security risk assessment (ISRA). However, the existence of numerous different types of risk assessment methods, standards,...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Published: |
Emerald
2015
|
| Subjects: | |
| Online Access: | http://dx.doi.org/10.1108/JSIT-02-2015-0013 http://dx.doi.org/10.1108/JSIT-02-2015-0013 http://eprints.uthm.edu.my/6992/1/p._siva_shamala_U.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Purpose – Information security has become an essential entity for organizations across the globe to
eliminate the possible risks in their organizations by conducting information security risk assessment
(ISRA). However, the existence of numerous different types of risk assessment methods, standards,
guidelines and specifications readily available causes the organizations to face the daunting tasks in
determining the most suitable method that would augur well in meeting their needs. Therefore, to
overcome this tedious process, this paper suggests collective information structure model for ISRA.
Design/methodology/approach – The proposed ISRA model was developed by deploying a
questionnaire using close-ended questions administrated to a group of information security
practitioners in Malaysia (N=80). The purpose of the survey was to strengthen and add more relevant
additional features to the existing framework, as it was developed based on secondary data.
Findings – Previous comparative and analyzed studies reveals that all the six types of ISRA
methodologies have features of the same kind of information with a slight difference in form. Therefore,
questionnaires were designed to insert additional features to the research framework. All the additional
features chosen were based on high frequency of more than half percentage agreed responses from
respondents. The analyses results inspire in generating a collective information structure model which
more practical in the real environment of the workplace. |
|---|