IDEAS home Printed from https://ideas.repec.org/h/spr/sprchp/978-3-7908-2632-6_51.html
   My bibliography  Save this book chapter

A Business Aware Information Security Risk Analysis Method

In: Information Technology and Innovation Trends in Organizations

Author

Listed:
  • M. Sadok

    (Institute of Technology in Communications at Tunis)

  • P. Spagnoletti

    (CeRSI – LUISS Guido Carli University)

Abstract

Securing the organization critical information assets from sophisticated insider threats and outsider attacks is essential to ensure business continuity and efficiency. The information security risk management (ISRM) is the process that identifies the threats and vulnerabilities of an enterprise information system, evaluates the likelihood of their occurrence and estimates their potential business impact. It is a continuous process that allows cost effectiveness of implemented security controls and provides a dynamic set of tools to monitor the security level of the information system. However, the examination of existing practices of the enterprises reveals a poor effectiveness of information security management processes such as stated in the information security breaches surveys. In particular, the enterprises experience difficulties in assessing and managing their security risks, in implementing appropriate security controls, as well as in preventing security threats. The available ISRM models and frameworks mainly focus on the technical modules related to the development of security mitigation and prevention and do not pay much attention to the influence of business variables affecting the reliability of the provided solutions. This paper discusses the major business related factors for risk analysis and shows their interference in the ISRM process. These factors include the enterprise strategic environment, the organizational structure features, the customer relationship and the value chain configuration.

Suggested Citation

  • M. Sadok & P. Spagnoletti, 2011. "A Business Aware Information Security Risk Analysis Method," Springer Books, in: Alessandro D'Atri & Maria Ferrara & Joey F. George & Paolo Spagnoletti (ed.), Information Technology and Innovation Trends in Organizations, pages 453-460, Springer.
  • Handle: RePEc:spr:sprchp:978-3-7908-2632-6_51
    DOI: 10.1007/978-3-7908-2632-6_51
    as

    Download full text from publisher

    To our knowledge, this item is not available for download. To find whether it is available, there are three options:
    1. Check below whether another version of this item is available online.
    2. Check on the provider's web page whether it is in fact available.
    3. Perform a search for a similarly titled item that would be available.

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Peter M. Bednar & Christine Welch, 2020. "Socio-Technical Perspectives on Smart Working: Creating Meaningful and Sustainable Systems," Information Systems Frontiers, Springer, vol. 22(2), pages 281-298, April.
    2. Peter M. Bednar & Christine Welch, 0. "Socio-Technical Perspectives on Smart Working: Creating Meaningful and Sustainable Systems," Information Systems Frontiers, Springer, vol. 0, pages 1-18.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:sprchp:978-3-7908-2632-6_51. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.