
Enterprise Information Security Risk Analysis

Added on - 11 May 2020

Running head: SUMMARY OF ARTICLE

Summary of Article
Name of the Student
Name of the University
Author's Note:

A Two-Phase Quantitative Methodology for Enterprise Information Security Risk Analysis

Summary: An enterprise information system is responsible for improving the overall functions of a particular enterprise. Computer networks, however, are vulnerable to all types of security risks and threats (Bhattacharjee et al., 2012). These types of attacks or threats can be mitigated by certain systematic approaches and strategies.

There are a few methodologies for analyzing any type of information security risk or threat (Jerman-Blazic, 2012). The first method is the OCTAVE method, which allows any organization to take decisions based on the integrity, availability and confidentiality of IT assets. The second method is the Ten Step Process method, which has several steps, such as identification, prioritization of threats, calculation of the factors of risk, identification and ranking of safeguards, and preparation of the risk analysis report (Peltier, 2013). The third approach is the FRAAP method, which attempts to recognize threats with respect to their effects on business processes. The three tools for analysis of information security risk are COBRA, CORAS and CRAMM.

There are a few requirements for the method of information security risk analysis (Jerman-Blazic, 2012). The confidentiality and integrity requirements refer to the overall protection and accuracy of information against any type of unauthorized access. The availability requirement makes sure that the information is available to authorized users. Authenticity refers to the verification of information, while non-repudiation refers to the ability to prevent denial of services (Laudon & Laudon, 2016). Loss impact refers to the requirement of a particular asset in the enterprise, and legal and contractual requirement is the set of contractual requirements which a particular organization claims to fulfill.

There are two types of proposed approaches for securing the information, data or services in an enterprise. Moreover, the approaches also help to recognize the threats or risks in the information system. The first approach is the consolidated approach, which evaluates a specific risk factor value for a particular asset (Bhattacharjee et al., 2012). It places that asset in the classification of low, medium or high risk. The second approach is the detailed approach. It not only evaluates a specific risk factor, but also recognizes the particular threat-vulnerability pair that has caused the risk.

An enterprise information system helps to improve the functions of business processes. There are risks and threats associated with this information system. Various methods are present to identify and
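The difference between the consolidated approach (one risk factor per asset, banded low/medium/high) and the detailed approach (the same factor plus the threat-vulnerability pair responsible for it) is easiest to see on a small asset inventory. The following Python is an added example written for this summary; it is not code from the summarised paper or from any of the methods it names. The scoring model is an assumption: each threat-vulnerability pair is scored as likelihood times impact on 1 to 5 scales, an asset's risk factor is its highest pair score, and the low/medium/high bands are 1-6, 7-14 and 15-25. The asset names and scores are constructed sample data.

```python
"""Consolidated vs detailed risk analysis over a constructed asset inventory.

Assumed model (not taken from the page): pair score = likelihood * impact,
asset risk factor = highest pair score, bands low 1-6 / medium 7-14 / high 15-25.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatVulnPair:
    """One threat acting through one vulnerability of an asset."""
    threat: str
    vulnerability: str
    likelihood: int  # assumed scale: 1 (rare) .. 5 (almost certain)
    impact: int      # assumed scale: 1 (negligible) .. 5 (severe)

    def score(self) -> int:
        """Risk contributed by this pair (assumed likelihood x impact)."""
        for name, value in (("likelihood", self.likelihood), ("impact", self.impact)):
            if not 1 <= value <= 5:
                raise ValueError(f"{name} must be in 1..5, got {value}")
        return self.likelihood * self.impact


@dataclass
class Asset:
    name: str
    pairs: list[ThreatVulnPair]


# Assumed band boundaries for the low/medium/high classification.
LOW_MAX = 6
MEDIUM_MAX = 14


def classify(risk_factor: int) -> str:
    """Map a numeric risk factor onto the low/medium/high bands."""
    if risk_factor <= LOW_MAX:
        return "low"
    if risk_factor <= MEDIUM_MAX:
        return "medium"
    return "high"


def consolidated(asset: Asset) -> tuple[str, int]:
    """Consolidated approach: a single risk factor per asset and its band.

    The asset is placed in one band; which pair drove the score is not reported.
    """
    if not asset.pairs:
        raise ValueError(f"asset {asset.name!r} has no threat-vulnerability pairs")
    risk_factor = max(pair.score() for pair in asset.pairs)
    return classify(risk_factor), risk_factor


def detailed(asset: Asset) -> tuple[str, int, ThreatVulnPair]:
    """Detailed approach: the same risk factor plus the pair that caused it."""
    if not asset.pairs:
        raise ValueError(f"asset {asset.name!r} has no threat-vulnerability pairs")
    worst = max(asset.pairs, key=ThreatVulnPair.score)
    return classify(worst.score()), worst.score(), worst


def risk_register(assets: list[Asset]) -> list[tuple[str, str, int, ThreatVulnPair]]:
    """Detailed results for every asset, highest risk factor first."""
    rows = [(asset.name,) + detailed(asset) for asset in assets]
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample inventory (not real assets or measurements).
SAMPLE_ASSETS = [
    Asset("customer database", [
        ThreatVulnPair("ransomware", "unpatched file server", likelihood=3, impact=5),   # 15
        ThreatVulnPair("insider misuse", "excessive privileges", likelihood=2, impact=4),  # 8
    ]),
    Asset("public website", [
        ThreatVulnPair("defacement", "outdated CMS", likelihood=3, impact=2),             # 6
        ThreatVulnPair("denial of service", "no rate limiting", likelihood=2, impact=3),  # 6
    ]),
    Asset("HR laptop", [
        ThreatVulnPair("theft", "no full-disk encryption", likelihood=2, impact=4),       # 8
    ]),
]


if __name__ == "__main__":
    for asset in SAMPLE_ASSETS:
        band, rf = consolidated(asset)
        print(f"[consolidated] {asset.name}: {band} ({rf})")
    for name, band, rf, pair in risk_register(SAMPLE_ASSETS):
        print(f"[detailed] {name}: {band} ({rf}) via {pair.threat} / {pair.vulnerability}")
```

The consolidated result is what a management summary needs (which assets sit in the high band); the detailed result is what a remediation owner needs, because the reported pair names the vulnerability whose safeguard would lower the score. Changing the assumed aggregation from "highest pair" to a sum or weighted sum changes the bands, so the choice of aggregation should be stated alongside the thresholds in any real register.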