Enhancing Information Security Risk Management for Organizations
International Journal of Computer & Organization Trends (IJCOT)
© 2015 by IJCOT Journal
Volume - 5 Issue - 2
Year of Publication : 2015
Authors : Subir Kochar, Sachin Goyal, Ratish Agarwal, Mahesh Pawar
DOI : 10.14445/22492593/IJCOT-V19P306
Subir Kochar, Sachin Goyal, Ratish Agarwal, Mahesh Pawar, "Enhancing Information Security Risk Management for Organizations", International Journal of Computer & Organization Trends (IJCOT), V5(2):55-59, Mar - Apr 2015, ISSN:2249-2593, www.ijcotjournal.org. Published by Seventh Sense Research Group.
Abstract - Risk is defined as the uncertainty of outcomes, which can be either a positive opportunity or a threat to the organization. The paper begins with an introduction to risk, the impact of risk, risk factors and the types of risk. It then focuses on risk management, a critical area concerned with assessing and optimizing risk. A major part of risk management is risk assessment and analysis, which provides the data for decision making. Risk management is summarized together with its phases: risk identification, assessment and mitigation. The desirable characteristics of an ideal risk management process are also outlined. After that, problems such as the lack of an identification procedure for critical controls, the management of dynamic risks and the selection of an existing methodology are discussed. The paper then presents a comparative framework of existing methodologies to ease selection, and discusses the ISO 27005 and COBIT frameworks as a way of overcoming these problems.
Keywords - Risk Management, Risk Assessment, Risk Identification, Risk Mitigation, COBIT.