Investigation of Assessment Methodologies in Information Security Risk Management

Conference paper, first online in Inventive Communication and Computational Technologies (ICICCT 2023)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 757)

Abstract

Information security risk management is a crucial component of every organization's security plan. It comprises the identification, assessment, and prioritization of potential security risks to an organization's information assets as well as the implementation of protective measures or risk management plans. For this method to work, a detailed understanding of an organization's assets, threats, vulnerabilities, and potential impacts of security incidents is required. Effective information security risk management ensures business continuity, safeguards critical information assets, and prevents data breaches. In this study, the key concepts, practices, and tools of information security risk management are discussed. It also looks at the most effective strategies to set up a successful risk management program and identifies emerging trends.

Corresponding author

Correspondence to P. Rukmani .

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Cite this paper

Rajathi, C., Rukmani, P. (2023). Investigation of Assessment Methodologies in Information Security Risk Management. In: Ranganathan, G., Papakostas, G.A., Rocha, Á. (eds) Inventive Communication and Computational Technologies. ICICCT 2023. Lecture Notes in Networks and Systems, vol 757. Springer, Singapore. https://doi.org/10.1007/978-981-99-5166-6_26
