Copyright © 1993 Published by Elsevier Science Ltd. All rights reserved.
A comparative framework for risk analysis methods
Available online 12 April 2002.
Abstract
The past decade has shown the importance of information security, with special emphasis on network security, disaster recovery and risk management. A number of automated approaches for the facilitation of a risk analysis study have appeared on the software market. Organizations today face the difficult task not only of executing a risk analysis study, but also of selecting a method that will best suit their requirements.
A number of methods are available today, utilizing different terminology for similar concepts. Risk analysis, the most commonly used term in this field, is mostly used to identify objects for protection. “Risk management” might also be included as part of risk analysis, depending on the functionality of the method used. Automated risk analysis methods need to be viewed not only from the internal operation of the method but also from a terminological point of view.
The objective of this paper is to suggest a framework for risk management terminology. The application of the framework will be demonstrated through a high-level discussion of the CRAMM, LAVA and MELISA risk analysis methods.
Author Keywords: Information security; Risk analysis; Risk assessment; Risk management; Automated risk analysis approaches; Risk monitoring











