Developing a Risk Analysis Strategy Framework for Impact Assessment in Information Security Management Systems: A Case Study in IT Consulting Industry

Kitsios, Fotis; Chatzidimitriou, Elpiniki; Kamariotou, Maria

doi:10.3390/su14031269

Cited by 14 publications

(10 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The envisaged framework for risk analysis typically includes three main components: risk assessment, risk management, and risk communication (Kitsios et al, 2022). Risk assessment involves identifying and characterizing risks, while risk management focuses on controlling and mitigating risks.…”

Section: Clarity Of Framework Developmentmentioning

confidence: 99%

Non-life insurance: The state of the art of determining the superior method for pricing automobile insurance premiums using archival technique

Buthelezi,

Hungwe,

Seeletse

et al. 2024

IJRBS

View full text Add to dashboard Cite

The pricing of insurance premiums in the non-life insurance sector remains a challenging and complex task. It demands a delicate balance between accurately estimating risk exposure and ensuring profitability for insurers. Generalised Linear Regression Models (GLMs) have become the preferred methods for premium price modelling in the motor insurance sector. While the approach of using a single superior model on which predictions are based ignores the use of robust estimator models. This paper examines various methodologies and sheds light on superiority of twenty-two models compared to each other for pricing automobile insurance. These methods vary from traditional actuarial methods to the modern statistical models such as machine learning algorithms. By using archival technique, their inferiority and superiority are explored, considering the ever-changing landscape of risk factors and market dynamics. Furthermore, it highlights the potential benefits of leveraging these methods and the mechanism for pricing short-term insurance, particularly in motor vehicle insurance. It also develops a framework that can be used in pricing to cater to risk analysis constituents to mitigate uncertainties and provide good services to clients. Our findings show that ANN, NN, XGB, random forest (RF) are superior models, and we conclude that the modern statistical methods can accurately estimate the risk exposure as compared to traditional methods such as the GLMs.

show abstract

Section: Clarity Of Framework Developmentmentioning

confidence: 99%

Non-life insurance: The state of the art of determining the superior method for pricing automobile insurance premiums using archival technique

Buthelezi,

Hungwe,

Seeletse

et al. 2024

IJRBS

View full text Add to dashboard Cite

show abstract

“…Based on the analysis of studies [1][2][3][4][5][6][7][21][22][23][24], a categorical model of causal relationships between vulnerabilities and threats in the field of information security was systematized and built (Table 1, Fig. 1).…”

Section: Construction Of a Categorical Model Of Causal Relationships ...mentioning

confidence: 99%

“…Loss of confidentiality, availability or integrity does not affect the organization's monetary losses, legal, contractual obligations and/or reputation A scale and a risk level matrix were used to measure the recognized risk [24]. The final measure of risk is obtained by multiplying the rating given by the probability of the threat and the effect of the threat:…”

Section: Systematization Of the Risk Assessment Process And Developme...mentioning

confidence: 99%

Development of a mechanism for information security risk management of transport service provision systems

Melnychenko,

Ignatenko,

Tsybulskyi

et al. 2024

EEJET

View full text Add to dashboard Cite

The object of the study is the process of analysis, assessment, and management of information security risks in transport service provision systems. The problem of applying the information security risk management approach in the activities of transport business entities was investigated. As a result of the application of effective forms, methods, and means of information security risk management based on international standards, a risk management mechanism was developed. The risk assessment process of transport systems has been systematized. This allows business entities in the transport sector to determine ways to prevent and counter information threats and challenges in their activities, both when designing and operating systems for providing transport services. Verification of the devised methodical approach to information security risk management was carried out on an example of the taxi company «Taxifay N». Threats and challenges of the company’s information system were evaluated by an expert method. Based on the results of the analysis of expert risk assessment, it was found that the concordance coefficient (0.86) confirms the high level of agreement of experts’ opinions. As a result, the company’s information security risk management program was developed. The effectiveness of the program was assessed by the efficiency ratio, which was 0.64. This testifies to the effectiveness of the implemented program of measures to manage information security risks. The scope of application may be the activity of business entities that provide transport services to the population, aimed at data storage and processing. The prospect of this study is to expand the list of threats and categories of vulnerabilities depending on the characteristics of the economic activity of various enterprises

show abstract

“…Furthermore, a resilient cybersecurity framework contributes significantly to the overall risk management strategy of a business. By integrating cybersecurity into the broader risk management framework, organizations can align their security measures with strategic objectives [14]. This alignment ensures that cybersecurity investments are not only seen as a necessity for compliance but are also strategically embedded in the business strategy, enhancing the overall resilience of the organization [15].…”

Section: Literature Review a Cyber Resilience For Business Continuitymentioning

confidence: 99%

Cyber Resilience Framework: Strengthening Defenses and Enhancing Continuity in Business Security

AL-Hawamleh

2024

IJCDS

View full text Add to dashboard Cite

This study presents a comprehensive Cybersecurity Resilience Framework designed to fortify organizational defenses against the evolving landscape of cyber threats while enhancing business continuity. The aim is to provide businesses with a robust and adaptive strategy that extends beyond traditional cybersecurity paradigms. This study employs a methodology grounded in an extensive cybersecurity literature review to inform the conceptualization and iterative development of a resilient framework, integrating key elements from established sources and aligning with industry wisdom. By integrating governance and leadership principles, collaboration with external stakeholders, and continuous monitoring, the framework fosters a holistic approach to cyber resilience. Leveraging a behavioral perspective, the study explores human factors, user awareness, and decision-making processes, recognizing the critical role of organizational culture in fostering a cybersecurity-aware ethos. Findings reveal a roadmap that includes technology resilience, regular audits, and assessments, emphasizing evidence-based improvements. The framework addresses resource constraints, regulatory variability, and the dynamic threat landscape, promoting adaptability in the face of diverse organizational contexts. The significance of this study lies in its contribution to the ongoing evolution of cyber resilience strategies, offering organizations a practical guide to navigate the complexities of the digital realm. As businesses increasingly rely on interconnected technologies, this framework stands as a vital tool for enhancing security, safeguarding critical assets, and ensuring continuity in the face of an ever-changing cyber threat landscape.

show abstract

Developing a Risk Analysis Strategy Framework for Impact Assessment in Information Security Management Systems: A Case Study in IT Consulting Industry

Cited by 14 publications

References 57 publications

Non-life insurance: The state of the art of determining the superior method for pricing automobile insurance premiums using archival technique

Non-life insurance: The state of the art of determining the superior method for pricing automobile insurance premiums using archival technique

Development of a mechanism for information security risk management of transport service provision systems

Cyber Resilience Framework: Strengthening Defenses and Enhancing Continuity in Business Security

Contact Info

Product

Resources

About