Title :
Qualitative initial risk analysis for selecting risk analysis approach suitable for IT security policy
Author :
Eom, Jung-Ho ; Choi, Young-Hyun ; Park, Seon-Ho ; Chung, Tai-Myoung
Author_Institution :
Internet Manage. Technol. Lab., Sungkyunkwan Univ., Suwon, South Korea
Abstract :
In this paper, we presented a qualitative initial risk analysis for selecting risk analysis approach suitable for security efforts where an organization is really need. An initial risk analysis is important to identify which risk analysis method is appropriate for each information system. If an organization conducts a baseline approach in information system which has very high value and risk, it could be result in significant harm or damage to an organization. In other case, it will be wasted security budget by spending a cost of detailed risk analysis. So, we presented practical qualitative initial risk analysis using matrix scaling method for selecting appropriate approach. Our method applied evaluation items reflecting business process and qualitative asset value. Our method indicates concrete evaluation method and result by assessing with investment expense, the usage of information system, distribution, security level, safeguard, etc.
Keywords :
business data processing; information systems; organisational aspects; risk analysis; security of data; IT security policy; business process; concrete evaluation method; information distribution; information system usage; investment expense; matrix scaling method; organization; qualitative asset value; qualitative initial risk analysis; risk analysis approach; risk analysis method; security level; wasted security budget; Economics; Europe; Production; Risk management; initial risk analysis; risk analysis; security;
Conference_Titel :
Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6942-0
DOI :
10.1109/ICITIS.2010.5689486
