Towards a Systematic Approach for Improving Information Security Risk Management Methods

The management of information security risk is a major concern of organizations worldwide. Although the number of existing information security risk management methods is enormous, in practice organizations invest a lot of time, effort and knowledge in creating new information security risk management methods. Surprisingly, a study of the literature reveals a lack of sufficient research concerning the process of developing new, or improving existing, information security risk management methods. Therefore, in this paper we operate within the paradigm of design science research in order to propose a systematic process for the development of new, or the improvement of existing, information security risk management methods. Furthermore, this effort emphasizes the effective utilization of both pre-existing knowledge on information security risk management and the new knowledge created throughout the process.
