Issue No. 02 - March/April (2011 vol. 9)
ISSN: 1540-7993
pp: 58-65
Andreas Ekelhart , SBA Research
Stefan Fenz , Vienna University of Technology
ABSTRACT
Over the past four decades, various information security risk management (ISRM) approaches have emerged. However, there is a lack of sound verification, validation, and evaluation methods for these approaches. Although restrictions, such as the impossibility of measuring exact values for probabilities and follow-up costs, obviously exist, verification, validation, and evaluation of research is essential in any field, and ISRM is no exception. So far, there is no systematic overview of the available methods. In this article, the authors survey the verification, validation, and evaluation methods referenced in the ISRM literature and discuss in which ISRM phase each method should be applied. They then demonstrate how to select appropriate methods with a real-world example. This systematic analysis draws conclusions on the current status of ISRM verification, validation, and evaluation and can serve as a reference for ISRM researchers and users who aim to establish trust in their results.
INDEX TERMS
risk management, review and evaluation, security and protection
CITATION
Andreas Ekelhart, Stefan Fenz, "Verification, Validation, and Evaluation in Information Security Risk Management", IEEE Security & Privacy, vol. 9, no. 2, pp. 58-65, March/April 2011, doi:10.1109/MSP.2010.117