Computers & Security
Volume 24, Issue 2, March 2005, Pages 147-159
 
doi:10.1016/j.cose.2004.07.004
Copyright © 2004 Elsevier Ltd. All rights reserved.

ISRAM: information security risk analysis method

Bilge Karabacak (a, corresponding author) and Ibrahim Sogukpinar (b)

(a) National Research Institute of Electronics & Cryptology (UEKAE), P.O. Box 74, 41470 Gebze, Kocaeli, Turkey
(b) Gebze Institute of Technology, 41400 Gebze, Kocaeli, Turkey

Received 24 December 2003; 
revised 27 July 2004; 
accepted 27 July 2004. 
Available online 22 September 2004.


Abstract

The continuously changing nature of the technological environment has made it necessary to revise the process of information security risk analysis accordingly. A number of quantitative and qualitative risk analysis methods have been proposed by researchers and vendors. The purpose of these methods is to analyze today's information security risks properly. Some of these methods are supported by a software package. In this study, a survey-based quantitative approach is proposed to analyze the security risks of information technologies by taking current necessities into consideration. The new method is named Information Security Risk Analysis Method (ISRAM). A case study has shown that ISRAM yields consistent results in a reasonable time period by allowing the participation of the manager and staff of the organization.

Keywords: Information security; Risk analysis; Quantitative risk analysis; Paper-based risk analysis; Risk model

Article Outline

Introduction
Risk analysis methods for information security
ISRAM: information security risk analysis method
Risk model of ISRAM
The method in detail
Practice of ISRAM
Step-1: awareness of the problem
Step-2: listing and weighing the factors
Step-3: converting factors into questions, designating answer choices and assigning numerical values to answer choices
Step-4: preparation of risk tables
Step-5: conduction of the survey
Step-6: application of formula (2) and obtaining a single risk value
Step-7: assessment of the results
Verification, comparison and the results of the application
Conclusion
References
Vitae


