A Conceptual Model for Information Security Risk Considering Business Process Perspective

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

13 Citations (Scopus)

Abstract

Information security risk assessment (ISRA) and modeling has become a prominent topic in the last decade. ISRA methods have been developed by many researchers, showing that this issue is always on the lookout for review. Business process is a new perspective in ISRA domain. In this perspective, risk assessment is based on business processes rather than organization's assets. This research is aimed to conduct a systematic review of the ISRA model developed in recent years. Research papers from 2010 to 2017 were selected and examined in the context of information security risk assessment, modeling, and its relationship with business process management. In addition to the current taxonomy, new aspects were added to analyze these papers, i.e. risk context, adaptive ability, and model purpose. Based on analysis results, two research gaps in information security risk modeling were found. First, risk model should have comprehensive assessment method that considers vulnerability propagation and resource valuation in different resources level. Second, risk model should also be able to adapt to business process changes. In this paper, research challenges faced with respect to such issues are outlined and a new conceptual model for ISRA is proposed.

Original languageEnglish
Title of host publicationProceedings - 2018 4th International Conference on Science and Technology, ICST 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538658130
DOIs
Publication statusPublished - 8 Nov 2018
Event4th International Conference on Science and Technology, ICST 2018 - Yogyakarta, Indonesia
Duration: 7 Aug 20188 Aug 2018

Publication series

NameProceedings - 2018 4th International Conference on Science and Technology, ICST 2018

Conference

Conference4th International Conference on Science and Technology, ICST 2018
Country/TerritoryIndonesia
CityYogyakarta
Period7/08/188/08/18

Keywords

  • business process change
  • information security
  • risk model

Fingerprint

Dive into the research topics of 'A Conceptual Model for Information Security Risk Considering Business Process Perspective'. Together they form a unique fingerprint.

Cite this