Understanding Insecure IT: Practical Risk Assessment

Liu, Simon; Kuhn, Rick; Rossman, Hart

doi:10.1109/mitp.2009.62

Cited by 5 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use the FRAP methodology only for the identification and evaluation of assets. Our usage of the FRAP methodology differs from the classical FRAP methodology described by Peltier (2008) in two points:The analyzed subject is not an IT system but the entire organization.The aim is not the identification of risks and controls but the identification of important assets and their exposure to risks.The asset evaluation phase is time‐consuming and labor intensive (Gerber and von Solms, 2005; Liu et al , 2009). The evaluation of assets using the FRAP methodology is very effective.…”

Section: The Use Of Frap Methodology For Asset Evaluationmentioning

confidence: 99%

Risk analysis methodology used by several small and medium enterprises in the Czech Republic

Beránek

2011

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

PurposeThe aim of this paper is to present risk analysis procedures which have been successfully applied by Czech small and medium enterprises (SMEs). The methodology, which is based on the modification and combination of two standard methods, aims to accelerate (and make more affordable) the risk analysis process, as compared to other risk analysis methods used for public organizations and major corporations in the Czech Republic.Design/methodology/approachThe paper presents in detail the individual steps the authors used in risk analysis of SMEs in the Czech Republic. The method is based on the facilitated risk analysis process (FRAP) methodology and the BITS recommendation. Modifications of both methodologies are described in detail.FindingsTo perform risk analysis in the SME sector in the Czech Republic, it is necessary to have a broad portfolio of instruments. Besides using the CRAMM methodology, the authors have created a new method based on combining the BITS and FRAP methods. The advantage of this method is its ability to accelerate the risk analysis, especially the identification and asset evaluation phases. Another advantage is that the method produces simple spreadsheet tables, providing the consumer with a tool that is easily editable and may be used for follow‐up procedures.Practical implicationsThe risk analysis method produces benefits for SMEs by speeding up the risk analysis and lowering its cost. Another benefit is that the method is open‐source and can potentially be further modified.Originality/valueThe paper presents in detail an approach to risk analysis based on the modification of the FRAP methodology and the BITS recommendation.

show abstract

Section: The Use Of Frap Methodology For Asset Evaluationmentioning

confidence: 99%

Risk analysis methodology used by several small and medium enterprises in the Czech Republic

Beránek

2011

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

show abstract

“…There are two types of risk assessment methods which are qualitative and quantitative [15] [16]. The qualitative risk assessment method describes the magnitude of a threat impact to the organization and the probability of risk occurrence which is expressed using a multiplication function.…”

Section: E Risk Calculationmentioning

confidence: 99%

A Hybrid Model for Information Security Risk Assessment

Haji

Tan²,

Costa

2019

IJATCSE

View full text Add to dashboard Cite

Many industry standards and methodologies were introduced which has brought forth the management of threats assessment and risk management of information assets in a systematic manner. This paper will review and analyze the main processes followed in IT risk management frameworks from the perspective of the threat analysis process using a threat modeling methodology. In this study, the authors propose a new assessment model which shows that systematic threat analysis is an essential element to be considered as an integrated process within IT risk management frameworks. The new proposed model complements and fulfills the gap in the practice of assessing information security risks.

show abstract

References

2019

Digital Asset Valuation and Cyber Risk Management

View full text Add to dashboard Cite

Understanding Insecure IT: Practical Risk Assessment

Cited by 5 publications

References 0 publications

Risk analysis methodology used by several small and medium enterprises in the Czech Republic

Risk analysis methodology used by several small and medium enterprises in the Czech Republic

A Hybrid Model for Information Security Risk Assessment

References

Contact Info

Product

Resources

About