Abstract
Information security risk management is a crucial component of every organization's security plan. It comprises the identification, assessment, and prioritization of potential security risks to an organization's information assets, together with the implementation of protective measures or risk treatment plans. For this process to work, a detailed understanding of an organization's assets, threats, vulnerabilities, and the potential impacts of security incidents is required. Effective information security risk management ensures business continuity, safeguards critical information assets, and prevents data breaches. This study discusses the key concepts, practices, and tools of information security risk management. It also examines the most effective strategies for setting up a successful risk management program and identifies emerging trends.
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Rajathi, C., Rukmani, P. (2023). Investigation of Assessment Methodologies in Information Security Risk Management. In: Ranganathan, G., Papakostas, G.A., Rocha, Á. (eds) Inventive Communication and Computational Technologies. ICICCT 2023. Lecture Notes in Networks and Systems, vol 757. Springer, Singapore. https://doi.org/10.1007/978-981-99-5166-6_26
DOI: https://doi.org/10.1007/978-981-99-5166-6_26
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-5165-9
Online ISBN: 978-981-99-5166-6
eBook Packages: Intelligent Technologies and Robotics (R0)