论文信息 - A framework for comparing different information security risk analysis methodologies

A framework for comparing different information security risk analysis methodologies

Organisations wanting to conduct information security risk analysis may find selecting a methodology problematic. Currently there are numerous risk analysis methodologies available, some of which are qualitative while others are more quantitative in nature. These methodologies have a common goal of estimating the overall risk value. An organisation must select the most appropriate methodology based on its specific needs. This article addresses the problem by presenting a framework that can be used to compare different risk analysis methodologies. Five methodologies, which are currently available, were analysed in order to establish the framework for comparison.

Les Labuschagne | Anita Vorster | L. Labuschagne | A. Vorster

[1] Ketil Stølen,et al. Model-based risk assessment to improve enterprise security , 2002, Proceedings. Sixth International Enterprise Distributed Object Computing.

[2] Jan H. P. Eloff,et al. A comparative framework for risk analysis methods , 1993, Comput. Secur..

[3] Christopher J. Alberts,et al. Managing Information Security Risks: The OCTAVE Approach , 2002 .

[4] Ibrahim Sogukpinar,et al. ISRAM: information security risk analysis method , 2005, Comput. Secur..

[5] Ketil Stølen,et al. The CORAS Framework for a Model-Based Risk Management Process , 2002, SAFECOMP.

[6] Ingoo Han,et al. The IS risk analysis based on a business model , 2003, Inf. Manag..

[7] Brian Ritchie,et al. Integrating Model-based Security Risk Management into eBusiness Systems Development: The CORAS Approach , 2002, I3E.

[8] Harold F. Tipton,et al. Information Security Management , 2000 .

[9] Ketil Stølen,et al. The coras approach for model-based risk management applied to e-commerce domain , 2002, Communications and Multimedia Security.

[10] Ketil Stølen,et al. The CORAS Tool-Supported M ethodology for UM L-Based Security Analysis , 2004 .