Despite the existence of an established body of knowledge, risk managers still strive to find a suitable risk information model to use in the information security process. The purpose of this document is to capture key concepts of information risk management. It includes all information and/or assets associated with the information that are used in the organization or that may have an impact on information security. When it comes to implementation, information security risk management is a challenging process, because risk factors are constantly changing due to rapidly changing technologies and the attacker's knowledge level. However, the main issue of our approach is to set a baseline that defines the requirements for establishing, implementing, maintaining and continually improving an information security management system.