Qualitative initial risk analysis for selecting risk analysis approach suitable for IT security policy

In this paper, we presented a qualitative initial risk analysis for selecting risk analysis approach suitable for security efforts where an organization is really need. An initial risk analysis is important to identify which risk analysis method is appropriate for each information system. If an orga...

Full description

Saved in:
Bibliographic Details
Main Authors: Jung-Ho Eom, Young-Hyun Choi, Seon-Ho Park, Tai-Myoung Chung
Format: Conference Proceeding
Language:English
Subjects:
Economics
Europe
initial risk analysis
Production
risk analysis
Risk management
security
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In this paper, we presented a qualitative initial risk analysis for selecting risk analysis approach suitable for security efforts where an organization is really need. An initial risk analysis is important to identify which risk analysis method is appropriate for each information system. If an organization conducts a baseline approach in information system which has very high value and risk, it could be result in significant harm or damage to an organization. In other case, it will be wasted security budget by spending a cost of detailed risk analysis. So, we presented practical qualitative initial risk analysis using matrix scaling method for selecting appropriate approach. Our method applied evaluation items reflecting business process and qualitative asset value. Our method indicates concrete evaluation method and result by assessing with investment expense, the usage of information system, distribution, security level, safeguard, etc.
DOI:10.1109/ICITIS.2010.5689486