• Title of article

    Risk Assessment Framework (RAF)

  • Author/Authors

    S. K. Pandey & Mustafa K., author

  • Issue Information
    Periodical with serial number, year 2010
  • Pages
    10
  • From page
    423
  • To page
    432
  • Abstract
    Today’s business is very much dependent on the information systems. Computer networks have transferred our life into a fast and comfortable one but at the same time, it has posed various threats to the existing information system due to open accessibility. Any information asset, when connected to the outside world, is vulnerable to attacks. The attacks are mainly caused by threats that have the potential to exploit vulnerabilities. Any type of damage to these assets causes risk and it is one of the most important factors to the organization. The risk of malicious attacks to the software security has considerably gone up and to prevent such risk is very necessary. The maxim ‘sooner is better’ has become the order of the day. Hence, this study was undertaken in view of the significance of risk assessment in the requirements phase of SDLC. In the absence of any roadmap/process/framework, in this paper, we hereby propose Risk Assessment Framework (RAF) for assessing the risk in the requirements phase itself along with validation results. This framework has three major components: nine security policies checklists, weightage for the attributes of each policy and quantified risk estimation. Such a framework may prove to be relevant at mitigation of security vulnerabilities, right from the beginning i.e. requirements phase and lead to considerable reduction of cost in terms of software security assurance.
  • Keywords
    risk assessment, Risk Assessment Framework, Information security, Quantitative Assessment of Risk
  • Journal title
    International Journal of Advanced Research in Computer Science
  • Serial Year
    2010
  • Record number

    668433