A strategic modeling technique for information security risk assessment
Information Management & Computer Security
ISSN: 0968-5227
Article publication date: 27 February 2007
Abstract
Purpose
This paper seeks to present a conceptual modeling approach that is new in the domain of information systems security risk assessment.
Design/methodology/approach
The approach is helpful for performing means‐end analysis, thereby uncovering the structural origin of security risks in information systems and showing how the root causes of such risks can be controlled from the early stages of projects.
Findings
Though some attempts have previously been made to model security risk assessment in information systems using conventional modeling techniques such as data flow diagrams and UML, these previous works have analyzed and modeled it only by addressing “what” a process is like. They do not address “why” the process is the way it is.
Originality/value
The approach addresses the limitation of the existing security risk assessment models by exploring the strategic dependencies between the actors of a system and analyzing the motivations, intents and rationales behind the different entities and activities constituting the system.
Citation
Misra, S.C., Kumar, V. and Kumar, U. (2007), "A strategic modeling technique for information security risk assessment", Information Management & Computer Security, Vol. 15 No. 1, pp. 64-77. https://doi.org/10.1108/09685220710738787
Publisher
Emerald Group Publishing Limited
Copyright © 2007, Emerald Group Publishing Limited