• DocumentCode
    2413122
  • Title
    AURUM: A Framework for Information Security Risk Management
  • Author
    Ekelhart, Andreas ; Fenz, Stefan ; Neubauer, Thomas
  • Author_Institution
    Secure Bus. Austria, Vienna
  • fYear
    2009
  • fDate
    5-8 Jan. 2009
  • Firstpage
    1
  • Lastpage
    10
  • Abstract
    As companies are increasingly exposed to a variety of information security threats, they are permanently forced to pay attention to security issues. Risk management provides an effective approach for measuring the security through risk assessment, risk mitigation and evaluation. Existing risk management approaches are highly accepted but demand very detailed knowledge about the IT security domain and the actual company environment. This paper presents AURUM - a new methodology for supporting the NIST SP 800-30 risk management standard - and provides a comparison with the GSTool and CRISAM in order to highlight the benefits decision makers may expect when using AURUM.
  • Keywords
    knowledge management; risk management; security of data; AURUM; IT security domain; NIST SP 800-30 risk management standard; information security risk management; risk assessment; risk evaluation; risk mitigation; Information security; Risk management
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
  • Conference_Location
    Big Island, HI
  • ISSN
    1530-1605
  • Print_ISBN
    978-0-7695-3450-3
  • Type
    conf
  • DOI
    10.1109/HICSS.2009.82
  • Filename
    4755409