Development of Metamodel for Information Security Risk Management

Kids Cybersecurity Using Computational Intelligence Techniques

Part of the book series: Studies in Computational Intelligence (SCI, volume 1080)

Abstract

Information technology and information systems are widely used in many fields, such as business, education, marketing, transportation, medicine, and many other areas. In this field, security plays a vital role and has therefore become a challenging issue. Therefore, security should be in place and resistant to a wide range of potential attacks. In information security and information technology, it is important to decide which countermeasures to apply against whatever could potentially keep the organization from achieving its business objectives. Reducing risk to an acceptable level is the main target of the risk management process. On the other hand, the main reason for failure in Information Security Risk Management (ISRM) is the complexity and inflexibility of the existing models. Domain modelers usually spend a lot of time understanding the nature of the domain they wish to model. Even though many ISRM models exist, it is hard to find a suitable one that gives ISRM users straightforward guidance based on their problems. To overcome this issue, this book chapter follows the design science research approach to create a generic metamodel that can describe the semantics of ISRM models and their solutions through one unified model. Through the metamodel, various risk management problems faced by different levels of ISRM users can be solved based on the problem attributes, such as risk determination specific to a firewall vulnerability problem and risk assessment for information security project management. This can help many users and newcomers to this domain easily understand the concepts required for their own information security risk problems.

Corresponding author

Correspondence to Siti Hajar Othman.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Salem, M., Othman, S.H., Al-Dhaqm, A., Ali, A. (2023). Development of Metamodel for Information Security Risk Management. In: Yafooz, W.M.S., Al-Aqrabi, H., Al-Dhaqm, A., Emara, A. (eds) Kids Cybersecurity Using Computational Intelligence Techniques. Studies in Computational Intelligence, vol 1080. Springer, Cham. https://doi.org/10.1007/978-3-031-21199-7_17
