The disruption of operations due to IS failure becomes more important as IS has become an increasingly essential component of the organization's operations and can affect its strategic objectives. Nevertheless, traditional IS risk analysis methods do not adequately reflect the loss from disruption of operations in determining the value of IS assets. Quantitative methods do not measure the loss from disruption of operations. Qualitative methods consider the loss, but their results are subjective and not suitable for cost-benefit decision support. There is a lack of systematic methods to measure the value of IS assets from the viewpoint of operational continuity.

This study presents an IS risk analysis method based on a business model. The method uses a systematic quantitative approach dealing with operational continuity: the importance of various business functions and the necessity level of various assets are first determined. The value of each asset is then determined based on these two levels.

The proposed method adds the first stage, organizational investigation, to traditional risk analysis. The process of the method utilizes various methodologies such as paired comparison, asset-function assignment tables, and asset dependency diagrams.