Risk assessment of information production using extended risk matrix approach

In many cases poor information quality appears mainly due to in-effectiveness of information management including information production and delivery. Where this situation poses a certain risk. A holistic information risk management model has been previously proposed. But the model has some limitations especially on risk calculation and risk priority ranking as the model does not consider existing control effectiveness. In this paper, a new risk assessment method is proposed in order to improve the model of total impact of risks and to improve the accuracy of risk priority ranking by modifying the extended risk matrix approach (RMA) where we take into account the existing control effectiveness. Using our approach by adding a new dimension on extended RMA. We are able to improve the accuracy (7.15%) and reduced the ambiguity (1.34) of assessment results on real cases illustration.

[1]  Mustafa Elmontsri,et al.  Review of the strengths and weaknesses of risk matrices , 2014 .

[2]  Albarda Albarda Characteristics in Classification of Information Use (IU) , 2014 .

[3]  P. S. Tan,et al.  An extended risk matrix approach for supply chain risk assessment , 2013, 2013 IEEE International Conference on Industrial Engineering and Engineering Management.

[4]  Suhono Harso Supangkat,et al.  Information Interchange Layer based on Classification of Information Use (IU) , 2014 .

[5]  Richard Y. Wang,et al.  IP-MAP: Representing the Manufacture of an Information Product , 2000, IQ.

[6]  Jane P. Laudon,et al.  Management Information Systems: Managing the Digital Firm , 2010 .

[7]  Kridanto Surendro,et al.  Threat Scenario Dependency-Based Model of Information Security Risk Analysis , 2010 .

[8]  Dai Ming,et al.  Risk Assessment Model of Information Security for Transportation Industry System Based on Risk Matrix , 2014 .

[9]  Zhu Qichao,et al.  Risk Matrix Method and Its Application in the Field of Technical Project Risk Management , 2003 .

[10]  Yan Chen,et al.  A Risk Matrix Approach Based on Clustering Algorithm , 2013 .

[11]  Richard Y. Wang,et al.  Data Quality , 2000, Advances in Database Systems.

[12]  Albarda,et al.  Improvement of business process in order to manage the quality of information , 2013, International Conference on ICT for Smart Society.

[13]  Philip Woodall,et al.  Towards a process for total information risk management , 2011, ICIQ.

[14]  H. Ni,et al.  Some extensions on risk matrix approach , 2010 .

[15]  Chris Higson,et al.  Valuing Information as an Asset , 2010 .

[16]  Jian Li,et al.  Marketing outsourcing risk assessment in the real estate based on risk matrix model , 2011, Proceedings of International Conference on Information Systems for Crisis Response and Management (ISCRAM).