
Information System Security Risk Priority Number: A New Method for Evaluating and Prioritization Security Risk in Information System Applying FMEA

Conference paper, published in: Proceedings of International Conference on Information Technology and Applications

Abstract

The emergence of the COVID-19 pandemic forced many organizations around the world, across the most varied areas of activity, to move from an intention to implement a digital transformation in the medium or long term to an immediate obligation to apply it. An organization's ability to adapt at once determined its survival and, in some cases, even a positive evolution of its business. Digital transformation applied in such an abrupt way has uncovered some critical factors for its success, and one of the most relevant is information security. Many of the digital systems put into operation more intensively during the pandemic have proved highly fragile on issues related to information security. One relevant problem for organizations is the low effectiveness and efficiency of the financial, human, and material resources allocated to the reduction or mitigation of the risks identified in their information systems. This study aims to offer a new method for prioritizing security risks. The proposed method directs the organization's resources to more effective and efficient actions to reduce or mitigate the identified vulnerabilities of the information system.
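The paper's own Information System Security Risk Priority Number is not defined on this page, so the example below is an added illustration of the conventional FMEA risk priority number that the title refers to, not the authors' method: each finding is scored for severity, occurrence and detectability on the usual 1 to 10 scales, the product is the RPN, and findings are ranked so that limited remediation effort goes to the highest-ranked items first. The findings, the scores, the effort figures and the tie-break rule are all constructed assumptions for the example.

```python
"""Conventional FMEA risk priority number (RPN) applied to security findings.

Added example. The ISSRPN of the paper is not defined on this page, so this
uses the classic FMEA product RPN = severity * occurrence * detection, each
factor on a 1..10 scale. All findings and numbers below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str
    severity: int    # impact if exploited: 1 (negligible) .. 10 (catastrophic)
    occurrence: int  # likelihood of exploitation: 1 (remote) .. 10 (almost certain)
    detection: int   # 1 = certain to be detected before harm .. 10 = undetectable


def rpn(f: Finding) -> int:
    """Classic FMEA risk priority number; rejects factors outside the 1..10 scale."""
    for v in (f.severity, f.occurrence, f.detection):
        if not 1 <= v <= 10:
            raise ValueError(f"{f.name}: FMEA factors must be on the 1..10 scale")
    return f.severity * f.occurrence * f.detection


def prioritize(findings):
    """Rank findings by RPN, highest first.

    The product is not unique: different (S, O, D) triples give the same RPN,
    so ties are broken on severity and then on detectability (worse first).
    This tie-break is an assumption of the example, not part of FMEA itself.
    """
    return sorted(findings,
                  key=lambda f: (rpn(f), f.severity, f.detection),
                  reverse=True)


def plan(findings, effort_days, capacity_days):
    """Greedy remediation plan: walk the ranked list and take every item that
    still fits into the remaining capacity. Items that do not fit are skipped
    rather than stopping the plan, so smaller lower-ranked fixes still get done.
    Returns the names of the selected findings in priority order."""
    selected, used = [], 0
    for f in prioritize(findings):
        cost = effort_days[f.name]
        if used + cost <= capacity_days:
            selected.append(f.name)
            used += cost
    return selected


# Constructed sample findings (names and scores are illustrative only)
FINDINGS = [
    Finding("SQL injection in login form", 9, 6, 4),            # RPN 216
    Finding("Outdated TLS configuration", 5, 8, 2),             # RPN 80
    Finding("Missing MFA on admin portal", 8, 5, 6),            # RPN 240
    Finding("Verbose error pages", 3, 9, 1),                    # RPN 27
    Finding("Default credentials on backup appliance", 9, 4, 6),  # RPN 216, ties with SQLi
]

# Constructed remediation effort per finding, in person-days
EFFORT_DAYS = {
    "SQL injection in login form": 5,
    "Outdated TLS configuration": 2,
    "Missing MFA on admin portal": 3,
    "Verbose error pages": 1,
    "Default credentials on backup appliance": 1,
}

if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        print(f"{rpn(f):4d}  S={f.severity} O={f.occurrence} D={f.detection}  {f.name}")
    print("Plan for 8 person-days:", plan(FINDINGS, EFFORT_DAYS, 8))
```

Two things the ranking makes visible: the SQL injection and the default-credentials findings share an RPN of 216 with quite different profiles, which is why a plain RPN sort needs an explicit tie-break, and with an 8 person-day capacity the greedy plan skips the 5-day SQL injection fix because it no longer fits after the two higher-ranked items, which is exactly the kind of outcome a prioritization method should make explicit rather than hide.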




Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this paper

Costa, I., Guarda, T. (2022). Information System Security Risk Priority Number: A New Method for Evaluating and Prioritization Security Risk in Information System Applying FMEA. In: Ullah, A., Anwar, S., Rocha, Á., Gill, S. (eds) Proceedings of International Conference on Information Technology and Applications. Lecture Notes in Networks and Systems, vol 350. Springer, Singapore. https://doi.org/10.1007/978-981-16-7618-5_49
