
Proposed Framework for Security Risk Assessment

PP. 85-90
DOI: 10.4236/jis.2011.22008

ABSTRACT

A security risk assessment framework provides a comprehensive structure for security risk analysis that helps uncover a system's threats and vulnerabilities. While security risk assessment is an important step in the security risk management process, this paper focuses only on the security risk assessment framework. After reviewing the issues that exist in a current framework, we have developed a new framework for security risk and vulnerability assessment by adding new components to the processes of the existing framework. The proposed framework will further enhance the outcome of the risk assessment and improve the effectiveness of the current framework. To demonstrate the efficiency of the proposed framework, a network security simulation as well as field tests of an existing network were conducted.

Conflicts of Interest

The authors declare no conflicts of interest.

Cite this paper

Z. Saleh, H. Refai and A. Mashhour, "Proposed Framework for Security Risk Assessment," Journal of Information Security, Vol. 2 No. 2, 2011, pp. 85-90. doi: 10.4236/jis.2011.22008.


  

Copyright © 2020 by authors and Scientific Research Publishing Inc.


This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.