Risk model development for information security in organization environment based on business perspectives

Ibnugraha, Prajna Deshanta and Nugroho, Lukito Edi and Santosa, Paulus Insap (2021) Risk model development for information security in organization environment based on business perspectives. International Journal of Information Security, 20 (1). 113 – 126. ISSN 16155262

Full text not available from this repository. (Request a copy)

Abstract

Digital information plays an essential role in supporting organizational business. However, incidents of sensitive information leakage often happen in organization environment. Therefore, risk analysis needs to be performed to recognize the impact of information security threat in organization. In order to carry out those risk analyses, risk model is needed to map risk of information security threat. The selection of proper risk model provides proper result related to risk analysis. The proper risk model must have objectivity and appropriate context. However, most of the existing risk models focus on the technical approach and use expert judgment as a weighting method. Meanwhile, organizations use business perspectives to determine decisions. Therefore, this study has the objective to fill the needs of organizations by developing a new risk model. The proposed risk model focuses on business aspects involvement and reducing subjective methods. The proposed risk model also uses three processes to result output, i.e., adaptable classification data, data measurement and cross-label analysis. Test mining and categorical clustering are involved to handle those three processes. Testing of the proposed model is carried out to define ability and limitation of model by involving 30 targets. The result states that the proposed model has advantages in objectivity, context approach and detailed output, while the limited scope of work becomes weakness of these models. © 2020, Springer-Verlag GmbH Germany, part of Springer Nature.

Item Type: Article
Additional Information: Cited by: 3
Uncontrolled Keywords: Ability testing; Risk analysis; Security of data; Security systems; Business aspects; Business perspective; Categorical clustering; Data measurements; Digital information; Information security threats; Sensitive informations; Subjective methods; Risk assessment
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Divisions: Faculty of Engineering > Electrical and Information Technology Department
Depositing User: Sri JUNANDI
Date Deposited: 28 Oct 2024 03:26
Last Modified: 28 Oct 2024 03:26
URI: https://ir.lib.ugm.ac.id/id/eprint/8540

Actions (login required)

View Item
View Item