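Risk analysis (engineering)
Information security
Information security management
Security management
Security controls
Prioritization
Risk assessment
Control (management)
Computer science
Risk management
Principal (computer security)
Process (computing)
IT risk management
Factor analysis of information risk
Security information and event management
Computer security
Business
Information system
Process management
Risk management information systems
Management information systems
Cloud computing security
Engineering
Finance
Artificial intelligence
Electrical engineering
Operating system
Cloud computing
Authors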
Nadher Alsafwani,Yousef Fazea,Fuad Alnajjar
Source
Journal: Information
[Multidisciplinary Digital Publishing Institute]
Date: 2024-06-14
Volume (issue): 15 (6): 353-353
Citations: 12
Abstract
Risk assessment is a critical sub-process in information security risk management (ISRM) that is used to identify an organization’s vulnerabilities and threats as well as evaluate current and planned security controls. Therefore, adequate resources and return on investments should be considered when reviewing assets. However, many existing frameworks lack granular guidelines and mostly operate on qualitative human input and feedback, which increases subjective and unreliable judgment within organizations. Consequently, current risk assessment methods require additional time and cost to test all information security controls thoroughly. The principal aim of this study is to critically review the Information Security Control Prioritization (ISCP) models that improve the Information Security Risk Assessment (ISRA) process, by using literature analysis to investigate ISRA’s main problems and challenges. We recommend that designing a streamlined and standardized Information Security Control Prioritization model would greatly reduce the uncertainty, cost, and time associated with the assessment of information security controls, thereby helping organizations prioritize critical controls reliably and more efficiently based on clear and practical guidelines.