A comparative study of risk assessment methods, MEHARI & CRAMM with a new formal model of risk assessment (FoMRA) in information systems

Authors:
Imed El Fray
Affiliations:
Faculty of Computer Science, West Pomeranian University of Technology, Szczecin, Szczecin, Poland
Venue:
CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
Year:
2012

Citing 8
Cited 0

Security threats to internet: a Korean multi-industry investigation

Information and Management
A Methodology for Architecture-Level Reliability Risk Analysis

IEEE Transactions on Software Engineering
Risk analysis for information technology

Journal of Management Information Systems
Is Information Security Under Control?: Investigating Quality in Information Security Management

IEEE Security and Privacy
Threats and countermeasures for information system security: A cross-industry study

Information and Management
Principles of Information Security

Principles of Information Security
A systematic review of security requirements engineering

Computer Standards & Interfaces
Information Technology Capability, Knowledge Assets and Firm Innovation: A Theoretical Framework for Conceptualizing the Role of Information Technology in Firm Innovation

International Journal of Strategic Information Technology and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this article, we present a comparative study of a developed new formal mathematical model of risk assessment (FoMRA) with expert methods of risk assessment in the information systems (IS). Proposed analysis verified the correctness of theoretical assumptions of developed model. In the paper, the examples of computations illustrating the application of FoMRA and known and accepted throughout the world methods of risk assessment: MEHARI and CRAMM were presented and related to a specific unit of the public administration operating in Poland.