TY - GEN
T1 - A Conceptual Model for Information Security Risk Considering Business Process Perspective
AU - Hariyanti, Eva
AU - Djunaidy, Arif
AU - Siahaan, Daniel Oranova
N1 - Publisher Copyright: © 2018 IEEE.
PY - 2018/11/8
Y1 - 2018/11/8
AB - Information security risk assessment (ISRA) and modeling have become a prominent topic in the last decade. ISRA methods have been developed by many researchers, showing that this issue is always on the lookout for review. Business process is a new perspective in the ISRA domain. In this perspective, risk assessment is based on business processes rather than the organization's assets. This research aims to conduct a systematic review of the ISRA models developed in recent years. Research papers from 2010 to 2017 were selected and examined in the context of information security risk assessment, modeling, and its relationship with business process management. In addition to the current taxonomy, new aspects were added to analyze these papers, i.e. risk context, adaptive ability, and model purpose. Based on the analysis results, two research gaps in information security risk modeling were found. First, a risk model should have a comprehensive assessment method that considers vulnerability propagation and resource valuation at different resource levels. Second, a risk model should also be able to adapt to business process changes. In this paper, research challenges faced with respect to such issues are outlined and a new conceptual model for ISRA is proposed.
KW - business process change
KW - information security
KW - risk model
UR - http://www.scopus.com/inward/record.url?scp=85058522224&partnerID=8YFLogxK
U2 - 10.1109/ICSTC.2018.8528678
DO - 10.1109/ICSTC.2018.8528678
M3 - Conference contribution
AN - SCOPUS:85058522224
T3 - Proceedings - 2018 4th International Conference on Science and Technology, ICST 2018
BT - Proceedings - 2018 4th International Conference on Science and Technology, ICST 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 4th International Conference on Science and Technology, ICST 2018
Y2 - 7 August 2018 through 8 August 2018
ER -