Enterprise Information Security Risk Analysis

Verified

Added on 2020/05/11

AI Summary

This assignment presents a summary of an article titled 'A Two-Phase Quantitative Methodology for Enterprise Information Security Risk Analysis'. The article explores the importance of securing enterprise information systems, outlining various methodologies like OCTAVE, Ten Step Process, and FRAAP. It also discusses key requirements for risk analysis, such as confidentiality, integrity, availability, and legal compliance. The article proposes a consolidated approach and a detailed approach for analyzing specific risk factors and threat-vulnerability pairs within enterprise systems.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: SUMMARY OF ARTICLE
Summary of Article
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
SUMMARY OF ARTICLE
A Two-Phase Quantitative Methodology for Enterprise Information Security Risk Analysis
Summary: Enterprise information system is responsible for improving the overall functions of a particular
enterprise. Computer networks, however, are vulnerable to all type of security risks and threats
(Bhattacharjee et al., 2012). These types of attacks or threats can be mitigated by certain systematic
approaches and strategies.
There are few methodologies for analyzing any type of information security risks or threats
(Jerman-Blazic, 2012). The first method is the OCTAVE method, which allows any organization to take
decisions based on integrity, availability and confidentiality of IT assets. The second method is the Ten
Step Process method, which has several steps like identification, prioritization of threats, calculation of
the factors of risk, safeguards identification and ranking, and the preparation of report of risk analysis
(Peltier, 2013). The third approach is the FRAAP method, which attempts to recognize the threats with
respect to the effects on business processes. The three tools for analysis of information security risk are
COBRA, CORAS and CRAMM.
There are few requirements for the method of information security risk analysis (Jerman-Blazic,
2012). The confidentiality and integrity requirements refer to the overall protection and accuracy of
information from any type of unauthorized access. The availability requirement makes sure that the
information is available to the authorized users. Authenticity refers to the verification of information,
while, non-repudiation refers to the ability of prevention of denial of services (Laudon & Laudon, 2016).
Loss impact refers to the requirement of a particular asset in enterprise and legal and contractual
requirement is the set of contractual requirements, which a particular organization claims to fulfill.
There are two types of proposed approaches in securing the information, data or services in an
enterprise. Moreover, the approaches even help to recognize the threats or risks in the information system.
The first approach is the consolidated approach, which evaluates a specific risk factor value for a
particular asset (Bhattacharjee et al., 2012). It segments that asset in the classification of low, medium or
high risk. The second approach is the detailed approach. It not only evaluates a specific risk factor, but
also recognizes that particular pair of threat vulnerability, that has caused the risk.
Enterprise information system helps to improve the functions of business processes. There are
risks and threats associated to this information system. Various methods are present to identify and

2
SUMMARY OF ARTICLE
analyze the risks or threats in this information system. The proposed approaches for this purpose are the
consolidated and detailed approaches.

3
SUMMARY OF ARTICLE
References
Bhattacharjee, J., Sengupta, A., Mazumdar, C., & Barik, M. S. (2012, September). A two-phase
quantitative methodology for enterprise information security risk analysis. In Proceedings of the
CUBE International Information Technology Conference (pp. 809-815). ACM.
Jerman-Blazic, B. (2012). Quantitative Model for Economic Analyses of information Security investment
in an Enterprise information System. Organizacija, 45(6), 276.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.

1 out of 4

+13062052269

info@desklib.com

Enterprise Information Security Risk Analysis

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

IT Risk Management: Concepts & Classification

Security Risk Analysis and Management: A Comprehensive Guide

Identification of the four Vulnerabilities for the Various Assets

Agency Risk Assessment 2022

Security and Risk Management: Amcor

Cybersecurity Report