Reliability Analysis of Risk Model Metrics Based on Business Approach in Information Security

Received: 20 April 2020. Accepted: 16 July 2020.

Information security threats affect an organization's business, so the development of an information security risk model should take the business perspective into account. Defining metrics is an important step in developing a new risk model; it can be done through theoretical analysis, validity analysis and reliability analysis. Theoretical analysis and validity analysis were performed in previous work, and this paper performs the reliability analysis. Cronbach's Alpha is used to measure the reliability coefficient of five proposed metrics: reputation, financial impact, critical level, business type of organization, and size of organization. The reliability analysis of the proposed metrics yields coefficients between 0.70 and 0.91. Based on previous research, a metric is reliable if its coefficient is greater than 0.65. The proposed metrics therefore have adequate reliability to be used as metrics of a risk model.
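The reliability check described in the abstract, as an added example that is not code or data from the paper: it computes the standard Cronbach's alpha for each metric's questionnaire items and compares it with the 0.65 cut-off. The response matrices, the number of items per metric and the `noisy_example` metric are constructed assumptions.

```python
from statistics import variance

RELIABILITY_THRESHOLD = 0.65  # cut-off quoted in the abstract


def cronbach_alpha(responses):
    """Cronbach's alpha for one metric.

    responses: one row per respondent, one Likert score per questionnaire item.
    alpha = k/(k-1) * (1 - sum(item variances) / variance(total score))
    """
    n = len(responses)
    k = len(responses[0]) if responses else 0
    if n < 2 or k < 2:
        raise ValueError("need at least 2 respondents and 2 items")
    if any(len(row) != k for row in responses):
        raise ValueError("every respondent must answer every item")
    item_vars = [variance([row[i] for row in responses]) for i in range(k)]
    total_var = variance([sum(row) for row in responses])
    if total_var == 0:
        raise ValueError("total score has zero variance; alpha is undefined")
    return k / (k - 1) * (1 - sum(item_vars) / total_var)


def assess(metrics):
    """Map each metric name to (alpha, meets the reliability threshold)."""
    result = {}
    for name, rows in metrics.items():
        alpha = cronbach_alpha(rows)
        result[name] = (alpha, alpha > RELIABILITY_THRESHOLD)
    return result


# Constructed sample answers (not the paper's survey data).
SAMPLE = {
    # Items move together across respondents: internally consistent.
    "reputation": [[1, 1], [2, 3], [3, 2], [4, 4]],
    # Hypothetical metric whose items disagree: alpha goes negative.
    "noisy_example": [[1, 4], [2, 1], [3, 3], [4, 2]],
}

if __name__ == "__main__":
    for name, (alpha, ok) in assess(SAMPLE).items():
        print(f"{name}: alpha={alpha:.2f} reliable={ok}")
```

A negative alpha, as in the second sample, indicates that the items of a metric do not measure the same construct and the questionnaire for that metric needs revision before its scores feed a risk model.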
