DocumentCode
3080592
Title
Business Process-Based Information Security Risk Assessment
Author
Khanmohammadi, Kobra ; Houmb, Siv Hilde
Author_Institution
Central Bank of Iran, Tehran, Iran
fYear
2010
fDate
1-3 Sept. 2010
Firstpage
199
Lastpage
206
Abstract
Limited information security budget in organizations make it necessary to effectively prioritize among security requirements. The goal is to make the most out of the available budget and to achieve a balanced overall security level. This leads to maximize the investment outcome. Many existing information security risk assessment approaches identify and assess risks to critical assets and are asset-driven approaches. These are limited in that it is hard to keep track of dependencies between assets and to produce realistic estimates of their values to an organization. We present a new security risk assessment approach focusing on business goals rather than assets and the processes supporting or contributing to these goals. Risks are identified and evaluated on a business process level and aggregated over all such processes depending on their criticality, role and importance for the organization as a whole. We illustrate our approach using examples from the banking industry, as well as discuss how our approach deals with some of the ambiguities involved in expert intensive and asset-driven information security risk assessment.
Keywords
bank data processing; business data processing; information management; investment; risk management; security of data; asset driven approach; banking industry; business process; information management; information security risk assessment; investment outcome maximization; process management; security requirement; Companies; Information security; Process control; Risk management; Business process; Information management; Information security; Process management; Risk assessment; Risk management;
fLanguage
English
Publisher
ieee
Conference_Titel
Network and System Security (NSS), 2010 4th International Conference on
Conference_Location
Melbourne, VIC
Print_ISBN
978-1-4244-8484-3
Electronic_ISBN
978-0-7695-4159-4
Type
conf
DOI
10.1109/NSS.2010.37
Filename
5635519
Link To Document