Genre-Based Approach to Assessing Information and Knowledge Security Risks

2014 ◽  
Vol 10 (2) ◽  
pp. 13-27 ◽  
Author(s):  
Ali Mohammad Padyab ◽  
Tero Päivärinta ◽  
Dan Harnesk

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.

Author(s):  
Ali Mohammad Padyab ◽  
Tero Päivärinta ◽  
Dan Harnesk

Contemporary methods for assessing information security risks have adopted mainly technical views on information and technology assets. Organizational dynamics of information management and knowledge sharing have gained less attention. This article outlines a new, genre-based, approach to information security risk assessment in order to orientate toward organization- and knowledge-centric identification and analysis of security risks. In order to operationalize the genre-based approach, we suggest the use of a genre-based analytical method for identifying organizational communication patterns through which organizational knowledge is shared. The genre-based method is then complemented with tasks and techniques from a textbook risk assessment method (OCTAVE Allegro). We discuss the initial experiences of three experienced information security professionals who tested the method. The article concludes with implications of the genre-based approach to analyzing information and knowledge security risks for future research and practice.


2011 ◽  
Vol 130-134 ◽  
pp. 3726-3730
Author(s):  
Ya Ling Yang ◽  
Yan Hui Zhou

Risk assessment for information security is uncertainty. To control these uncertainties is of great significance for effective risk assessment [1].There are many assessment methods, and the conclusions from them are less clear. This paper presents a fuzzy logic based information security risk assessment method FLISRAM. In this method, the results are from a comprehensive assessment for assets, threats and vulnerabilities of the information system.


Sign in / Sign up

Export Citation Format

Share Document