Development of metamodel on information security risk audit and assessment for it assets in commercial bank

Abstract

Nowadays, most fortunes of the commercial banks today are linked with Information Technology (IT) assets they possess and the way they audit their organizations IT assets. As information assets become the heart of commercial banks, Information Security Risk Audit and Assessment (ISRAA) is increasingly involved in managing commercial banks information security risk situations. ISRAA is an activity that analysis, audit, mitigates, and monitors the risks associated with IT assets. A more comprehensive and tighter regulatory environment is expected through the improvement on the ISRAA with clearer and appropriately defines regulatory guideline. This research creates a unified view of ISRAA in the form of a metamodel that can be seen as a language for this domain. A metamodeling process is applied to ensure that the outcome metamodel is complete and consistent. The metamodel is validated and refined to serve as a representational layer to unify, facilitate and expedite access to ISRAA expertise.