2022
DOI: 10.1057/s41283-022-00108-8

Information security risk management terminology and key concepts

Abstract: Language is the foundation for any communication and the vocabulary used has a decisive influence on the ability of the communication partners to clearly understand each other. In Information Security Risk Management (ISRM), the terminology used is often dictated by industry standards and frameworks. However, there is no universally accepted terminology, which makes collaboration difficult for professionals and researchers alike. This publication compares the terminology defined by frequently used frameworks, …

Cited by 1 publication
(3 citation statements)
References 31 publications
“…In the pursuit of enhancing the precision and effectiveness of risk assessment, the development of supplementary methodologies has been undertaken to facilitate the evaluation of security risks. A notable illustration of such advancements is exemplified by COBRA (Consultative, Objective and Bi-functional Risk Analysis), devised by British C & A Systems Security Ltd. in the year 1991 (Schmidt, 2023). Within this framework, the enterprise leverages collected questionnaire data to appraise the security status of an organization within the context of the risk assessment report.…”
Section: Information Risk (mentioning)
confidence: 99%
“…Another noteworthy tool, CRAMM (CCTA Risk Analysis and Management Method), stands as an expansive and adaptable mechanism tailored for the strategic substantiation of prioritized countermeasures at a managerial echelon. Notably, the optimal deployment of CRAMM necessitates the engagement of proficient and seasoned practitioners to ensure efficacious outcomes (Schmidt, 2023), (Fredriksen et al, 2002). Furthermore, the arena of risk assessment has witnessed the emergence of CORA (Cost-of-Risk Analysis), introduced by International Security Technology, Inc. (ICT).…”
Section: Information Risk (mentioning)
confidence: 99%