Risk assessment model for organizational information security
Information security risk assessment (RA) plays an important role in the organization’s future strategic planning. Generally there are two types of RA approaches: quantitative RA and qualitative RA. The quantitative RA is an objective study of the risk that use numerical data. On the other hand, the...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English English |
| Published: |
Asian Research Publishing Network (ARPN)
2015
|
| Subjects: | |
| Online Access: | http://irep.iium.edu.my/47335/ http://irep.iium.edu.my/47335/ http://irep.iium.edu.my/47335/1/Dioubate%2C_Abdul_Molok%2C_Talib_%26_Md_Tap_-_Risk_assessment_model_for_organizational_information_security.pdf http://irep.iium.edu.my/47335/4/47335_Risk%20assessment%20model_SCOPUS.pdf |
| id |
iium-47335 |
|---|---|
| recordtype |
eprints |
| spelling |
iium-473352019-10-17T08:21:56Z http://irep.iium.edu.my/47335/ Risk assessment model for organizational information security Dioubate, Balla Mousa Abdul Molok, Nurul Nuha Talib, Shuhaili Md. Tap, Abu Osman HD61 Risk Management T58.6 Management information systems Information security risk assessment (RA) plays an important role in the organization’s future strategic planning. Generally there are two types of RA approaches: quantitative RA and qualitative RA. The quantitative RA is an objective study of the risk that use numerical data. On the other hand, the qualitative RA is a subjective evaluation based on judgment and experiences which does not operate on numerical data. It is difficult to conduct a purely quantitative RA method, because of the difficulty to comprehend numerical data alone without a subjective explanation. However, the qualitative RA does not necessarily demand the objectivity of the risks, although it is possible to conduct RA that is purely qualitative in nature. If implemented in silos, the limitations of both quantitative and qualitative methods may increase the likelihood of direct and indirect losses of an organization. This paper suggests a combined RA model from both quantitative and qualitative RA methods to be used for assessing information security risks. In order to interpret and apply the model, a prototype of RA for information security risks will be developed. This prototype will be evaluated by information security risk management experts from the industry. Feedback from the experts will be used to improve the proposed RA model. The implementation of an appropriate model ensures a successful RA method and prevent the organization from the natural and causal risks that are related to securing information assets. Asian Research Publishing Network (ARPN) 2015 Article PeerReviewed application/pdf en http://irep.iium.edu.my/47335/1/Dioubate%2C_Abdul_Molok%2C_Talib_%26_Md_Tap_-_Risk_assessment_model_for_organizational_information_security.pdf application/pdf en http://irep.iium.edu.my/47335/4/47335_Risk%20assessment%20model_SCOPUS.pdf Dioubate, Balla Mousa and Abdul Molok, Nurul Nuha and Talib, Shuhaili and Md. Tap, Abu Osman (2015) Risk assessment model for organizational information security. ARPN Journal of Engineering and Applied Sciences, 10 (23). pp. 17607-17613. ISSN 1819-6608 https://pdfs.semanticscholar.org/c5c9/1bf671737acb373db823c0a4bb59a6c424ce.pdf |
| repository_type |
Digital Repository |
| institution_category |
Local University |
| institution |
International Islamic University Malaysia |
| building |
IIUM Repository |
| collection |
Online Access |
| language |
English English |
| topic |
HD61 Risk Management T58.6 Management information systems |
| spellingShingle |
HD61 Risk Management T58.6 Management information systems Dioubate, Balla Mousa Abdul Molok, Nurul Nuha Talib, Shuhaili Md. Tap, Abu Osman Risk assessment model for organizational information security |
| description |
Information security risk assessment (RA) plays an important role in the organization’s future strategic planning. Generally there are two types of RA approaches: quantitative RA and qualitative RA. The quantitative RA is an objective study of the risk that use numerical data. On the other hand, the qualitative RA is a subjective evaluation based on judgment and experiences which does not operate on numerical data. It is difficult to conduct a purely quantitative RA method, because of the difficulty to comprehend numerical data alone without a subjective explanation. However, the qualitative RA does not necessarily demand the objectivity of the risks, although it is possible to conduct RA that is purely qualitative in nature. If implemented in silos, the limitations of both quantitative and qualitative methods may increase the likelihood of direct and indirect losses of an organization. This paper suggests a combined RA model from both quantitative and qualitative RA methods to be used for assessing information security risks. In order to interpret and apply the model, a prototype of RA for information security risks will be developed. This prototype will be evaluated by information security risk management experts from the industry. Feedback from the experts will be used to improve the proposed RA model. The implementation of an appropriate model ensures a successful RA method and prevent the organization from the natural and causal risks that are related to securing information assets. |
| format |
Article |
| author |
Dioubate, Balla Mousa Abdul Molok, Nurul Nuha Talib, Shuhaili Md. Tap, Abu Osman |
| author_facet |
Dioubate, Balla Mousa Abdul Molok, Nurul Nuha Talib, Shuhaili Md. Tap, Abu Osman |
| author_sort |
Dioubate, Balla Mousa |
| title |
Risk assessment model for organizational information security |
| title_short |
Risk assessment model for organizational information security |
| title_full |
Risk assessment model for organizational information security |
| title_fullStr |
Risk assessment model for organizational information security |
| title_full_unstemmed |
Risk assessment model for organizational information security |
| title_sort |
risk assessment model for organizational information security |
| publisher |
Asian Research Publishing Network (ARPN) |
| publishDate |
2015 |
| url |
http://irep.iium.edu.my/47335/ http://irep.iium.edu.my/47335/ http://irep.iium.edu.my/47335/1/Dioubate%2C_Abdul_Molok%2C_Talib_%26_Md_Tap_-_Risk_assessment_model_for_organizational_information_security.pdf http://irep.iium.edu.my/47335/4/47335_Risk%20assessment%20model_SCOPUS.pdf |
| first_indexed |
2023-09-18T21:07:22Z |
| last_indexed |
2023-09-18T21:07:22Z |
| _version_ |
1777411023049850880 |