Duplicate Work Reduction in Business Continuity and Risk Management Processes


Part of the book series: Annals of Information Systems ((AOIS,volume 9))

Abstract

Business continuity management (BCM) and risk management (RM) processes are both important to today's organizations. BCM ensures that an organization can limit its losses after a severe contingency or disaster; RM helps it identify potential security incidents and adopt the most cost-effective countermeasures. However, current risk management approaches and methodologies do not reflect the significant differences between RM and BCM processes, so even an organization with established RM processes may have to re-assess its risks when it builds BCM processes. To address this, this study proposes RiskPatrol, a risk management system that provides an integrated view of the risks associated with both RM and BCM processes. RiskPatrol gives users an easy way to retain the information BCM needs while they perform risk assessment for RM, and vice versa. The proposed approach can improve the efficiency of establishing information security management systems by minimizing redundant work across RM and BCM processes.


Notes

  1. Although the concept of risk is widely used in several domains, this chapter focuses on risk in information security; throughout, "risk" means information security risk.


Author information

Corresponding author

Correspondence to Shi-Cho Cha.


Copyright information

© 2010 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Cha, SC., Juo, PW., Liu, LT., Chen, WN. (2010). Duplicate Work Reduction in Business Continuity and Risk Management Processes. In: Yang, C., Chau, M., Wang, JH., Chen, H. (eds) Security Informatics. Annals of Information Systems, vol 9. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-1325-8_9

Download citation

  • DOI: https://doi.org/10.1007/978-1-4419-1325-8_9

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-1324-1

  • Online ISBN: 978-1-4419-1325-8

  • eBook Packages: Computer Science (R0)
