Genre-Based Assessment of Information and Knowledge Security Risks

Padyab, Ali Mohammad; Päivärinta, Tero; Harnesk, Dan

doi:10.1109/hicss.2014.428

Cited by 16 publications

(27 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, knowledge-based methods [32] are also an effective means of risk identification. Finally, Padyab et al present a genre-based method for identifying risk named GBM-OA (Genre based method-OCTAVE Allegro) [33].…”

Section: Risk Identificationmentioning

confidence: 99%

A systematic review of information security risk assessment

Pan¹,

Tomlinson²

2016

Int. J. SAFE

View full text Add to dashboard Cite

Many standards exist to guide the process of risk assessment, particularly in the field of information security. This leads to many, subtly different, definitions of risk analysis, evaluation and assessment. Consequently, researchers often confuse these terms and disciplines, which leads to further confusion within the community. In this sense, it is important to come to a common understanding of the processes and terminology to clarify research in this area. A common approach to achieve this goal is to carry out a literature review. This paper takes a formal approach to the literature review based on the ideas of the Cochrane group. The result is a systematic review of risk assessment in the field of information security. We present a systematic review of over 80 research papers published between 2004 and 2014. The main contribution of our paper is to construct a classification of these published papers into seven types. This classification aims to help researchers obtain a clear and unbiased picture of the terminology, developments and trends of information security risk assessment in the academic sector. [6] present a conceptual framework of comparisons among well-documented ISRA guidelines including NIST 800-30, OCTAVE and ISRAM. Other authors are interested in the improvement of current risk analysis approaches by applying fuzzy theory [7,8] and AHP (Analytic Hierarchy Process) theory [9,10].However, to our knowledge, there has been no systematic overview of the ISRA research to analyse the emphasis of the work and the direction of future research. Consequently, this paper will apply the methodology of systematic review not only to summarize the related research papers, but also to present a classified framework of these papers. In order to not to confuse the phrases of risk analysis, risk assessment and risk evaluation, we will use their definitions from ISO 27005 in our systematic review. The aim of the classification framework is to help researchers obtain a clear picture about the research areas. According to this classification, researchers can find some study entry points in this sector. Researchers may also learn the advanced ISRA methods and find the connections between organizational level and academic level from this systematic review.

show abstract

Section: Risk Identificationmentioning

confidence: 99%

A systematic review of information security risk assessment

Pan¹,

Tomlinson²

2016

Int. J. SAFE

View full text Add to dashboard Cite

show abstract

“…Regarding the existing studies that discuss risks and risk management related to information and, more specifically, the concept of knowledge, the majority of existing literature provides a plain technical view on information and technological assets [6]- [10], ignoring that knowledge is bound to people [7]- [9] [11], and as a consequence, people [8]- [13] and especially their communication [7] [11] are significant sources of security risks that are related to information and knowledge protection.…”

Section: Introductionmentioning

confidence: 99%

“…According to our review of existing literature on knowledge security risk management, there are some papers that acknowledge the above types of challenges [17] [8] [12] [18] [7]. The approaches generally bring forth the strong need for knowledge-based risk management, especially, as well as various approaches for dealing with some major challenges related to it.…”

Section: Introductionmentioning

confidence: 99%

“…The approaches generally bring forth the strong need for knowledge-based risk management, especially, as well as various approaches for dealing with some major challenges related to it. Several authors [7]- [9] [12] [17] emphasize the importance of identifying knowledge assets in the knowledge security risk management process and provide different approaches and tools for assisting in the identification of knowledge assets. However, only one of the discovered previous models included a method and a tool for identifying threats related to knowledge assets: the Octave Allegro method and its worksheets [7].…”

Section: Introductionmentioning

confidence: 99%

“…Several authors [7]- [9] [12] [17] emphasize the importance of identifying knowledge assets in the knowledge security risk management process and provide different approaches and tools for assisting in the identification of knowledge assets. However, only one of the discovered previous models included a method and a tool for identifying threats related to knowledge assets: the Octave Allegro method and its worksheets [7]. The model brings genre and container thinking to knowledge security risk management [7].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations