In 2014, we launched our open-access repository, which offers full-text access to conference proceedings from many of our events, including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
South African Information Security Multi-Conference (SAISMC 2010)
Title: From the Resource to the Business Process Risk Level
Author(s): Stefan Fenz
Reference: pp. 100-109
Keywords: Security, Information security risk management, Business process analysis
Abstract: Although a variety of information security risk management (ISRM) approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can the risk level of a business process be determined by taking the risk levels of the involved resources into account? This paper presents our research results regarding resource-based risk analysis methods in order to assign realistic figures concerning the business process risk level. With regard to business processes the research results allow the (semiautomatic) reasoning of the current security status of an organization. In this way we can support decision makers in selecting appropriate controls to reduce risks to an acceptable level; and also in making a reasonable trade-off between investments into security and the need for protection.
Download count: 1761
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.