A systematic review of information security risk assessment

Cited by: 0
Authors
Pan L. [1]
Tomlinson A. [1]
Affiliations
[1] Information Security Group, Royal Holloway University of London
Keywords
Information security; ISO 27005; Risk analysis; Risk assessment; Systematic review
DOI
10.2495/SAFE-V6-N2-270-281
Abstract
Many standards exist to guide the process of risk assessment, particularly in the field of information security. This leads to many subtly different definitions of risk analysis, risk evaluation and risk assessment. Consequently, researchers often conflate these terms and disciplines, which leads to further confusion within the community. It is therefore important to reach a common understanding of the processes and terminology in order to clarify research in this area. A common approach to achieving this goal is to carry out a literature review. This paper takes a formal approach to the literature review based on the ideas of the Cochrane group. The result is a systematic review of risk assessment in the field of information security, covering over 80 research papers published between 2004 and 2014. The main contribution of the paper is a classification of these published papers into seven types. This classification aims to give researchers a clear and unbiased picture of the terminology, developments and trends of information security risk assessment in the academic sector. © 2016 WIT Press.
Pages: 270-281
Page count: 11