Approaches to Risk Analysis Essay

912 Words 4 Pages
When planning any kind of project, especially an information security project, risk analysis is very important. Risk analysis, in the context of information security, is the process of assessing potential threats to an organization and the overall risk they pose to the continued operation of the organization. There are multiple approaches to risk analysis, and multitudes of literature have been published on the subject. In their paper published in 2012, Bhattacharjee and associates introduced two approaches to the risk assessment of an information security system. Bhattacharjee and associates’ method is a two-stage method, with a consolidated analysis, identifying a single risk value for each asset, and a detailed analysis, which defines …show more content…
When planning any kind of project, especially an information security project, risk analysis is very important. Risk analysis, in the context of information security, is the process of assessing potential threats to an organization and the overall risk they pose to the continued operation of the organization. There are multiple approaches to risk analysis, and multitudes of literature have been published on the subject. In their paper published in 2012, Bhattacharjee and associates introduced two approaches to the risk assessment of an information security system. Bhattacharjee and associates’ method is a two-stage method, with a consolidated analysis, identifying a single risk value for each asset, and a detailed analysis, which defines a threat-vulnerability pair for each risk factor (Bhattacharjee, Sengupta, Mazumdar, & Sankar Barik, 2012).
The method first identifies assets and defines seven requirements factors for each: confidentiality, integrity, availability, authenticity, non-repudiation, legal, and impact of loss. Each of these factors is assigned a sliding scale value based upon the intensity of the specific requirement (Bhattacharjee, Sengupta, Mazumdar, & Sankar Barik, 2012). Once all assets have been given their requirements values, the overall asset value is defined. This value is combined with the security concern value, “a function of threats and vulnerabilities associated with an asset” (Bhattacharjee, Sengupta, Mazumdar, & Sankar Barik, 2012). to assign