Running head: SUMMARY OF ARTICLE

Summary of Article

Name of the Student
Name of the University

Author's Note:

A Two-Phase Quantitative Methodology for Enterprise Information Security Risk Analysis

Summary: An enterprise information system is responsible for improving the overall functions of a particular enterprise. Computer networks, however, are vulnerable to all types of security risks and threats (Bhattacharjee et al., 2012). These attacks and threats can be mitigated by systematic approaches and strategies.

There are a few methodologies for analysing any type of information security risk or threat (Jerman-Blazic, 2012). The first is the OCTAVE method, which allows an organization to take decisions based on the integrity, availability and confidentiality of its IT assets. The second is the Ten Step Process method, which has several steps: identification and prioritization of threats, calculation of the risk factors, identification and ranking of safeguards, and preparation of the risk analysis report (Peltier, 2013). The third is the FRAAP method, which attempts to recognize threats with respect to their effects on business processes. The three tools for analysis of information security risk are COBRA, CORAS and CRAMM.

There are a few requirements for a method of information security risk analysis (Jerman-Blazic, 2012). The confidentiality and integrity requirements refer to the overall protection and accuracy of information against any type of unauthorized access. The availability requirement makes sure that the information is available to authorized users. Authenticity refers to the verification of information, while non-repudiation refers to the ability to prevent denial of services (Laudon & Laudon, 2016). Loss impact refers to the requirement of a particular asset in the enterprise, and legal and contractual requirement is the set of contractual requirements which a particular organization claims to fulfil.

There are two types of proposed approaches to securing the information, data or services in an enterprise. Moreover, the approaches even help to recognize the threats or risks in the information system. The first approach is the consolidated approach, which evaluates a single risk factor value for a particular asset (Bhattacharjee et al., 2012) and places that asset in the low, medium or high risk class. The second approach is the detailed approach. It not only evaluates a specific risk factor, but also recognizes the particular threat-vulnerability pair that has caused the risk.

An enterprise information system helps to improve the functions of business processes. There are risks and threats associated with this information system. Various methods are present to identify and
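The consolidated and detailed approaches described above, as an added illustration that is not code from the summarised article: the risk factor formula (likelihood times impact on assumed 1-5 scales), the low/medium/high thresholds and the sample asset inventory are all assumptions made for this example.

```python
# Constructed example: an asset inventory of threat-vulnerability pairs.
# Scoring rule (likelihood x impact, bands at 8 and 15) is an assumption, not the paper's formula.
from dataclasses import dataclass

@dataclass(frozen=True)
class ThreatVulnerability:
    threat: str
    vulnerability: str
    likelihood: int   # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int       # 1 (negligible) .. 5 (severe), assumed scale

    def risk(self) -> int:
        return self.likelihood * self.impact

# Constructed sample inventory, not data from the article.
ASSETS = {
    "customer-db": [
        ThreatVulnerability("SQL injection", "unvalidated web input", 4, 5),
        ThreatVulnerability("insider misuse", "shared DBA account", 2, 4),
    ],
    "intranet-wiki": [
        ThreatVulnerability("defacement", "outdated CMS plugin", 3, 2),
    ],
}

def classify(score: int) -> str:
    """Map a risk factor value to a low/medium/high band (assumed thresholds)."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"

def consolidated(pairs):
    """Phase 1: one risk factor per asset (the worst pair's score) and its band."""
    score = max(p.risk() for p in pairs)
    return score, classify(score)

def detailed(pairs, band="high"):
    """Phase 2: the threat-vulnerability pairs that put the asset in `band`."""
    return [(p.threat, p.vulnerability, p.risk())
            for p in pairs if classify(p.risk()) == band]

if __name__ == "__main__":
    for asset, pairs in ASSETS.items():
        score, band = consolidated(pairs)
        print(f"{asset}: risk factor {score} -> {band}")
        for threat, vuln, risk in detailed(pairs, band):
            print(f"  {threat} via {vuln} (score {risk})")
```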