Ahmad, Rabiah and Ismail, Zuraini and G .N., Samy (2010) A framework for integrated risk management process using survival analysis approach in information security. In: 2010 6th International Conference on Information Assurance and Security, IAS 2010, 2010, Atlanta, Georgia, United States.
Official URL: http://dx.doi.org/10.1109/ISIAS.2010.5604055
In this paper, we attempt to introduce a new method for performing risk analysis studies by effectively utilizing the existing risk management process framework with adoptions of medical approaches namely survival analysis approach. Under survival analysis approach, a method which is known as Cox Proportional Hazards (PH) Model will be applied in order to identify potential threats to information security. The risk management process is in this research will be based on Australian/New Zealand Standard for Risk Management (AS/NZS 4360:1999). AS/NZS 4360:1999 provides a sequencing of the core part of the risk management process into sub-processes for identify context, identify risks, analyze risks, evaluate risks and treat risks. Moreover, it seems that the integration of risk management process and survival analysis indeed brings very useful new insights. Thus, the contribution of the paper will be introducing a new method for performing a risk analysis studies in information security domain.
|Item Type:||Conference or Workshop Item (Paper)|
|Uncontrolled Keywords:||information security risk analysis, information security threats, risk management process, survival analysis|
|Subjects:||H Social Sciences > HD Industries. Land use. Labor > HD28 Management. Industrial Management|
|Deposited By:||Liza Porijo|
|Deposited On:||27 Jul 2012 00:30|
|Last Modified:||27 Jul 2012 00:30|
Repository Staff Only: item control page