Overview of Enterprise Information Needs in Information Security Risk Assessment

Cited by: 13
Authors
Korman, Matus [1 ]
Ekstedt, Mathias [1 ]
Sommestad, Teodor [2 ]
Hallberg, Jonas [2 ]
Bengtsson, Johan [2 ]
Affiliations
[1] KTH, Royal Inst Technol, S-10044 Stockholm, Sweden
[2] FOI, Swedish Def Res Agcy, S-58330 Linkoping, Sweden
Keywords
MANAGEMENT
DOI
10.1109/EDOC.2014.16
CLC classification
TP301 [Theory and methods]
Subject classification
081202
Abstract
Methods for information security risk assessment suggest that users collect and consider sets of input information, and these sets often differ notably in both type and size. To explore these differences, this study compares twelve established methods on how their input suggestions map to the concepts of ArchiMate, a widely used modeling language for enterprise architecture. The study thereby also tests the extent to which ArchiMate accommodates the information suggested by the methods (e.g., for the use of ArchiMate models as a source of information for risk assessment). The results show how the methods differ in the quantity of input information they suggest, as well as in their coverage of the ArchiMate structure. Although the translation between ArchiMate and the methods' input suggestions is not perfect, our results indicate that ArchiMate is capable of modeling fair portions of the information needed by the information security risk assessment methods, which makes ArchiMate models a promising source of guidance for performing risk assessments.
Pages: 42 / 51
Page count: 10