Summary: Information security has become a vital entity to most organizations today due to current
trends in information transfer through a borderless and vulnerable world. The concern and
interest in information security is mainly due to the fact that information security risk
assessment (ISRA) is a vital method not only to identify and prioritize information assets
but also to identify and monitor the specific threats that an organization induces; especially
the chances of these threats occurring and their impact on the respective businesses.
However, organizations wanting to conduct risk assessment may face problems in selecting
suitable methods that would augur well in meeting their needs. This is due to the existence of
numerous methodologies that are readily available. However, there is a lack of agreed
reference benchmarking as well as of a comparative framework for evaluating these ISRA
methods to assess the information security risk. Generally, organizations will choose the
most appropriate ISRA method by carrying out a comparative study between the available
methodologies in detail before a suitable method is selected to conduct the risk assessment.
This paper suggests a conceptual framework of info-structure for ISRA that was developed by
comparing and analysing six methodologies which are currently available. The info-structure
for ISRA aims to assist organizations in getting a general view of ISRA flow and in gathering
information on the requirements to be met before risk assessment can be conducted
successfully. This info-structure can be conveniently used by organizations to complete all
the required planning as well as the selection of suitable methods to complete the ISRA.