Developing an Information Security Risk Taxonomy and an Assessment Model using Fuzzy Petri Nets-Reference-Cited by-同舟云学术

Developing an Information Security Risk Taxonomy and an Assessment Model using Fuzzy Petri Nets

Published:2018-07 Issue:3 Volume:20 Page:48-69
ISSN:1548-7717
Container-title:Journal of Cases on Information Technology
language:en
Short-container-title:

Author:

Pramod Dhanya¹,Bharathi S. Vijayakumar¹^ORCID

Affiliation:

1. Symbiosis Centre for Information Technology (SCIT), Symbiosis International (Deemed University), Pune, India

Abstract

In the digital era, organization-wide information security risk assessment has gained importance because it can impact businesses in many ways. In this article, the authors propose a model to assess the information security risk using Fuzzy Petri Nets (FPN). Deeply rooted in the OCTAVE framework, this research presents a taxonomy of risk practice areas and risk factors. The authors apply the constituents of the taxonomy to risk assessment through a well-defined FPN model. The primary motive of the article is to extend the usability of FPNs to newer and less explored domains like audit and evaluation of information security risks. The unique contribution of this article is the definition and development of a comprehensive and measurable model of risk assessment and quantification. The model can also serve as a tool to capture the risk perception of the respondents for validating the criticality of risk and facilitate the top management to invest in information security control eco-system judiciously.

Publisher

IGI Global

Subject

Information Systems and Management,Strategy and Management,Computer Science Applications,Information Systems

Reference108 articles.

1. Incident response teams – Challenges in supporting the organisational security function

2. Information security strategies: towards an organizational multi-strategy perspective

3. A case analysis of information systems and security incident responses

4. Alberts, C. Behrens, Sandra., Pethia, Richard., & Wilson, William. (1999). Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0. Retrieved from http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=13473

5. Alberts, C., Dorofee, A., Stevens, J., & Woody, C. (2005). OCTAVE-S (Registered) Implementation Guide, Version 1.0. Retrieved from http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA453286

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Risk Assessment Model of Chemical Process Based on Interval Type-2 Fuzzy Petri Nets;Processes;2023-04-22

2. FPNs for Knowledge Representation and Reasoning: A Literature Review;Fuzzy Petri Nets for Knowledge Representation, Acquisition and Reasoning;2023

3. Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics;Applied Sciences;2021-07-27

4. Information System Audit for Mobile Device Security Assessment;2021 3rd International Cyber Resilience Conference (CRC);2021-01-29