Risk assessment model for organizational information security

Bibliographic Details
Main Authors: Dioubate, Balla Mousa; Abdul Molok, Nurul Nuha; Talib, Shuhaili; Md. Tap, Abu Osman
Format: Article
Language: English
Published: Asian Research Publishing Network (ARPN) 2015
Subjects: HD61 Risk Management; T58.6 Management information systems
Online Access:http://irep.iium.edu.my/47335/1/Dioubate%2C_Abdul_Molok%2C_Talib_%26_Md_Tap_-_Risk_assessment_model_for_organizational_information_security.pdf
http://irep.iium.edu.my/47335/4/47335_Risk%20assessment%20model_SCOPUS.pdf
http://irep.iium.edu.my/47335/
https://pdfs.semanticscholar.org/c5c9/1bf671737acb373db823c0a4bb59a6c424ce.pdf
Description
Information security risk assessment (RA) plays an important role in an organization's future strategic planning. Generally, there are two types of RA approaches: quantitative RA and qualitative RA. Quantitative RA is an objective study of risk that uses numerical data. Qualitative RA, on the other hand, is a subjective evaluation based on judgment and experience which does not operate on numerical data. It is difficult to conduct a purely quantitative RA method, because numerical data alone is hard to comprehend without a subjective explanation. Conversely, qualitative RA does not necessarily demand objectivity about the risks, although it is possible to conduct RA that is purely qualitative in nature. If implemented in silos, the limitations of both quantitative and qualitative methods may increase the likelihood of direct and indirect losses for an organization. This paper suggests a combined RA model, drawing on both quantitative and qualitative RA methods, for assessing information security risks. In order to interpret and apply the model, a prototype of RA for information security risks will be developed. This prototype will be evaluated by information security risk management experts from industry. Feedback from the experts will be used to improve the proposed RA model. The implementation of an appropriate model ensures a successful RA method and protects the organization from the natural and causal risks related to securing information assets.

Citation: Dioubate, Balla Mousa; Abdul Molok, Nurul Nuha; Talib, Shuhaili; Md. Tap, Abu Osman (2015). Risk assessment model for organizational information security. ARPN Journal of Engineering and Applied Sciences, 10 (23), pp. 17607-17613. ISSN 1819-6608. Peer reviewed; full text available as PDF.
Record: my.iium.irep.47335, IIUM Repository (IREP), International Islamic University Malaysia (Universiti Islam Antarabangsa Malaysia), IIUM Library Institutional Repository; last updated 2019-10-17.