2010 Fourth International Conference on Network and System Security
Business Process-Based Information Security Risk Assessment
Melbourne, Victoria Australia
September 01-September 03
ISBN: 978-0-7695-4159-4
BibTeX:
@article{10.1109/NSS.2010.37,
  author    = {Kobra Khanmohammadi and Siv Hilde Houmb},
  title     = {Business Process-Based Information Security Risk Assessment},
  journal   = {Network and System Security, International Conference on},
  volume    = {0},
  year      = {2010},
  isbn      = {978-0-7695-4159-4},
  pages     = {199-206},
  doi       = {http://doi.ieeecomputersociety.org/10.1109/NSS.2010.37},
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA},
}
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/NSS.2010.37
Limited information security budgets in organizations make it necessary to prioritize effectively among security requirements. The goal is to make the most of the available budget and to achieve a balanced overall security level, thereby maximizing the return on the security investment. Many existing information security risk assessment approaches are asset-driven: they identify and assess risks to critical assets. These are limited in that it is hard to keep track of dependencies between assets and to produce realistic estimates of their value to the organization. We present a new security risk assessment approach that focuses on business goals, and on the processes supporting or contributing to these goals, rather than on assets. Risks are identified and evaluated at the business process level and aggregated over all such processes according to their criticality, role and importance for the organization as a whole. We illustrate the approach with examples from the banking industry, and discuss how it deals with some of the ambiguities involved in expert-intensive, asset-driven information security risk assessment.
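The abstract describes risks assessed per business process, aggregated over processes by their criticality to the organization, and used to prioritize spending under a limited budget. The page does not give the paper's actual risk scales or aggregation rule, so the following is an added illustration written for this page, not the authors' method: it assumes annual likelihood times impact as the per-risk measure, a 0..1 criticality weight per process, likelihood-reducing controls, and a greedy cost-effectiveness ordering for spending the budget. The banking processes, figures, and controls are constructed sample data.

```python
"""Illustrative process-based risk model (added example; not the paper's method)."""
from dataclasses import dataclass, field, replace
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float   # annual probability of occurrence, 0..1 (assumed scale)
    impact: float       # loss if the event occurs, in currency units (assumed scale)

    def expected_loss(self) -> float:
        return self.likelihood * self.impact


@dataclass
class BusinessProcess:
    name: str
    criticality: float              # 0..1: importance of the process to the organization
    risks: List[Risk] = field(default_factory=list)

    def process_risk(self) -> float:
        """Risk evaluated at the process level: sum of its risks' expected losses."""
        return sum(r.expected_loss() for r in self.risks)

    def weighted_risk(self) -> float:
        """Contribution of this process to the organization-wide figure."""
        return self.criticality * self.process_risk()


@dataclass(frozen=True)
class Control:
    name: str
    cost: float
    # (process name, risk name) -> fraction by which that risk's likelihood is reduced
    reductions: Dict[Tuple[str, str], float]


def organisational_risk(processes: List[BusinessProcess]) -> float:
    """Aggregate over all processes, weighted by criticality."""
    return sum(p.weighted_risk() for p in processes)


def apply_control(processes: List[BusinessProcess], control: Control) -> List[BusinessProcess]:
    """Return a new process list with the control's likelihood reductions applied."""
    out = []
    for p in processes:
        new_risks = [
            replace(r, likelihood=r.likelihood * (1.0 - control.reductions.get((p.name, r.name), 0.0)))
            for r in p.risks
        ]
        out.append(BusinessProcess(p.name, p.criticality, new_risks))
    return out


def prioritize(processes: List[BusinessProcess], controls: List[Control], budget: float):
    """Greedy selection: each round pick the affordable control with the best marginal
    reduction in organisational risk per unit cost. The marginal gain is recomputed
    against the current state, so controls acting on the same risk are not double-counted.
    Returns (chosen control names, residual organisational risk, amount spent)."""
    chosen, remaining, state, spent = [], list(controls), processes, 0.0
    while True:
        current = organisational_risk(state)
        best = None
        for c in remaining:
            if spent + c.cost > budget:
                continue
            gain = current - organisational_risk(apply_control(state, c))
            if gain <= 0:
                continue
            if best is None or gain / c.cost > best[0]:
                best = (gain / c.cost, c)
        if best is None:
            break
        c = best[1]
        chosen.append(c.name)
        remaining.remove(c)
        state = apply_control(state, c)
        spent += c.cost
    return chosen, organisational_risk(state), spent


# Constructed sample data: three banking processes with different criticality.
PROCESSES = [
    BusinessProcess("Payment processing", 1.0, [
        Risk("Transaction tampering", 0.05, 2_000_000),
        Risk("Payment service outage", 0.20, 500_000),
    ]),
    BusinessProcess("Customer onboarding", 0.6, [
        Risk("Identity document forgery", 0.10, 300_000),
    ]),
    BusinessProcess("Marketing analytics", 0.2, [
        Risk("Analytics data leak", 0.30, 200_000),
    ]),
]

# Constructed candidate controls (hypothetical costs and effectiveness).
CONTROLS = [
    Control("Transaction signing", 40_000, {("Payment processing", "Transaction tampering"): 0.8}),
    Control("Redundant payment gateway", 60_000, {("Payment processing", "Payment service outage"): 0.5}),
    Control("Document verification service", 20_000, {("Customer onboarding", "Identity document forgery"): 0.7}),
    Control("Analytics DLP", 25_000, {("Marketing analytics", "Analytics data leak"): 0.9}),
]

if __name__ == "__main__":
    print("organisational risk before:", organisational_risk(PROCESSES))
    chosen, residual, spent = prioritize(PROCESSES, CONTROLS, budget=90_000)
    print("chosen:", chosen, "residual:", residual, "spent:", spent)
```

The point the example makes is the one in the abstract: the same raw risk (a 60,000 expected loss in marketing analytics versus 30,000 in onboarding) ranks differently once weighted by process criticality, and the budget ends up where the organization-wide effect is largest rather than where the asset looks most valuable in isolation.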
Index Terms:
Risk management, Business process, Information security, Risk assessment, Process management, Information management
Citation:
Kobra Khanmohammadi, Siv Hilde Houmb, "Business Process-Based Information Security Risk Assessment," nss, pp.199-206, 2010 Fourth International Conference on Network and System Security, 2010
