A comparative framework for risk analysis methods
Computers and Security
Managing Information Security Risks: The Octave Approach
Managing Information Security Risks: The Octave Approach
The IS risk analysis based on a business model
Information and Management
Towards Resilient Community Wireless Mesh Networks
AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
Toward risk assessment as a service in cloud environments
HotCloud'10 Proceedings of the 2nd USENIX conference on Hot topics in cloud computing
Mapping between classical risk management and game theoretical approaches
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
A two-phase quantitative methodology for enterprise information security risk analysis
Proceedings of the CUBE International Information Technology Conference
| Hi-index | 0.00 |
Organisations wanting to conduct information security risk analysis may find selecting a methodology problematic. Currently there are numerous risk analysis methodologies available, some of which are qualitative while others are more quantitative in nature. These methodologies have a common goal of estimating the overall risk value. An organisation must select the most appropriate methodology based on its specific needs. This article addresses the problem by presenting a framework that can be used to compare different risk analysis methodologies. Five methodologies, which are currently available, were analysed in order to establish the framework for comparison.