A Hybrid Asset-Based IT Risk Management Framework-Reference-Cited by-同舟云学术

A Hybrid Asset-Based IT Risk Management Framework

Published:2022 Issue: Volume: Page:56-76
ISSN:
Container-title:Research Anthology on Business Aspects of Cybersecurity
language:
Short-container-title:

Author:

Cimen Baris¹^ORCID,Mutluturk Meltem¹^ORCID,Kocak Esra¹^ORCID,Metin Bilgin¹^ORCID

Affiliation:

1. Department of Management Information Systems, Bogazici University, Turkey

Abstract

Information security has become one of the most important responsibilities of all organizations due to increasing cyber threats. Attackers take advantage of systems vulnerabilities; therefore, system administrators should be aware of potential threats to take necessary actions to protect their organizations and stakeholders. At this point, a risk assessment is needed to discover possible threats for vulnerable systems of the organization and to implement strategies for the business goals. This study proposes a hybrid risk management framework using both qualitative and quantitative methods to analyze risk within organizations and reduce them with practical countermeasures. Based on this framework, case studies have been carried out considering three hypothetical companies identifying possible information security risks, and these risks have been reduced to an acceptable level by applying the proposed risk analysis methodology.

Publisher

IGI Global

Reference27 articles.

1. A General, But Readily Adaptable Model of Information System Risk

2. Biery, K. J. (2006). Aligning an information risk management approach to BS 7799-3:2005. SANS Reading Room.

3. Some perspectives on risk management: A security case study from the oil and gas industry

4. Caralli, R. A., Stevens, J. F., Young, L. R., & Wilson, W. R. (2007). Introducing octave allegro: Improving the information security risk assessment process (No. CMU/SEI-2007-TR-012).

5. Model-based security analysis in seven steps — a guided tour to the CORAS method