Research Article

Comparative Study of Information Security Risk Assessment Model

by Keerti Dixit, Umesh Kumar Singh, Bhupendra Kumar Pandya
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 185 - Number 7
Year of Publication: 2023
DOI: 10.5120/ijca2023922722

Keerti Dixit, Umesh Kumar Singh, Bhupendra Kumar Pandya. Comparative Study of Information Security Risk Assessment Model. International Journal of Computer Applications. 185, 7 (May 2023), 18-22. DOI=10.5120/ijca2023922722

@article{ 10.5120/ijca2023922722,
author = { Keerti Dixit, Umesh Kumar Singh, Bhupendra Kumar Pandya },
title = { Comparative Study of Information Security Risk Assessment Model },
journal = { International Journal of Computer Applications },
issue_date = { May 2023 },
volume = { 185 },
number = { 7 },
month = { May },
year = { 2023 },
issn = { 0975-8887 },
pages = { 18-22 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume185/number7/32713-2023922722/ },
doi = { 10.5120/ijca2023922722 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Analysis of security risks is crucial to the management of information systems. Security risk analysis models are meant to prevent the risks brought on by information assets, their potential threats and vulnerabilities, and security measures. Today, the majority of these models are used to assess risk value without recognizing the organization's security issues. As a result, decision-makers are unable to choose the best methodology for addressing security concerns. In this research paper, we have developed a Comparative Framework to carry out a thorough comparative analysis of the various models that underpin the information risk assessment process. We have then evaluated existing information security risk assessment models through this framework.

Index Terms

Computer Science
Information Sciences

Keywords

Information Security Risk Assessment, risk, threat, vulnerability