Developing an Information Security Risk Taxonomy and an Assessment Model using Fuzzy Petri Nets

In the digital era, organization-wide information security risk assessment has gained importance because it can impact businesses in many ways. In this article, the authors propose a model to assess the information security risk using Fuzzy Petri Nets (FPN). Deeply rooted in the OCTAVE framework, this research presents a taxonomy of risk practice areas and risk factors. The authors apply the constituents of the taxonomy to risk assessment through a well-defined FPN model. The primary motive of the article is to extend the usability of FPNs to newer and less explored domains like audit and evaluation of information security risks. The unique contribution of this article is the definition and development of a comprehensive and measurable model of risk assessment and quantification. The model can also serve as a tool to capture the risk perception of the respondents for validating the criticality of risk and facilitate the top management to invest in information security control eco-system judiciously.

MoreLess

Year of publication:	2018
Authors:	Pramod, Dhanya ; Bharathi, S. Vijayakumar
Published in:	Journal of Cases on Information Technology (JCIT). - IGI Global, ISSN 1548-7725, ZDB-ID 2415112-9. - Vol. 20.2018, 3 (01.07.), p. 48-69
Publisher:	IGI Global
Subject:	Business Continuity Planning \| Database Security \| Governance and Risk Compliance \| NIST \| OCTAVE \| Operational \| Privacy \| Software Integrity \| Strategy \| Technical \| Vulnerability Assessment

More details

Type of publication:	Article
Language:	English
Other identifiers:	10.4018/JCIT.2018070104 [DOI]
Source:	Other ZBW resources

Persistent link: https://ebvufind01.dmz1.zbw.eu/10012048917