Approaches to Risk Analysis Essay

When planning any project, and especially an information security project, risk analysis is essential. Risk analysis, in the context of information security, is the process of identifying the threats an organization faces and assessing the overall risk they pose to its continued operation. There are multiple approaches to risk analysis, and a large body of literature has been published on the subject. In a paper published in 2012, Bhattacharjee and associates introduced a two-stage method for the risk assessment of an information security system: a consolidated analysis, which identifies a single risk value for each asset, and a detailed analysis, which defines…
The authors identify four major security frameworks (Control Objectives for Information and Related Technology (COBIT), ISO/IEC 17799, the Information Technology Infrastructure Library (ITIL), and the US NIST SP 800 series) that can be used to help “quantify the effectiveness of security controls” (Breier & Hudec, 2011). Breier and Hudec go on to show that the ISO 27000 family of standards contains control objectives that an organization should apply to ensure that its security needs are being met, and that metrics derived from these control objectives can be used to determine whether a particular risk factor is adequately accounted for. Finally, Breier and Hudec define a mathematical model for computing the risk value of the entire system (Breier & Hudec, 2011).

In 2010 Richard Schneider explored the similarities between criminological threat assessment and information security risk analysis. Schneider’s paper placed risk analysis in the context of governmental information security. Because governmental information systems require significantly tighter security, Schneider defined a nine-step process for performing risk assessment. Schneider identifies the identification of threat sources, the second step in the process, as one of its major steps. He identifies three major