{"title":"机遇与人为因素的考虑:信息安全风险管理的必要范式转变","authors":"Lisa Rajbhandari","doi":"10.1109/EISIC.2013.32","DOIUrl":null,"url":null,"abstract":"Most of the existing Risk Analysis and Management Methods (RAMMs) focus on threat without taking account of the available opportunity to an entity. Besides, human aspects are not often given much importance in these methods. These issues create a considerable drawback as the available opportunities to an entity (organization, system, etc.) might go unnoticed which might hamper the entity from achieving its objectives. Moreover, understanding the motives of humans play an important role in guiding the risk analysis. This paper reviews several existing RAMMs to highlight the above issues and provides reasoning as to emphasize the importance of these two issues in information security management. From the analysis of the selected methods, we identified that a majority of the methods acknowledge only threat and the consideration of human factors have not been reflected. Although, the issues are not new, these still remain open and the field of risk management needs to be directed towards addressing them. 
The review is expected to be helpful both to the researchers and practitioners in providing relevant information to consider these issues for further improving the existing RAMMs or when developing new methods.","PeriodicalId":229195,"journal":{"name":"2013 European Intelligence and Security Informatics Conference","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Consideration of Opportunity and Human Factor: Required Paradigm Shift for Information Security Risk Management\",\"authors\":\"Lisa Rajbhandari\",\"doi\":\"10.1109/EISIC.2013.32\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Most of the existing Risk Analysis and Management Methods (RAMMs) focus on threat without taking account of the available opportunity to an entity. Besides, human aspects are not often given much importance in these methods. These issues create a considerable drawback as the available opportunities to an entity (organization, system, etc.) might go unnoticed which might hamper the entity from achieving its objectives. Moreover, understanding the motives of humans play an important role in guiding the risk analysis. This paper reviews several existing RAMMs to highlight the above issues and provides reasoning as to emphasize the importance of these two issues in information security management. From the analysis of the selected methods, we identified that a majority of the methods acknowledge only threat and the consideration of human factors have not been reflected. Although, the issues are not new, these still remain open and the field of risk management needs to be directed towards addressing them. 
The review is expected to be helpful both to the researchers and practitioners in providing relevant information to consider these issues for further improving the existing RAMMs or when developing new methods.\",\"PeriodicalId\":229195,\"journal\":{\"name\":\"2013 European Intelligence and Security Informatics Conference\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-08-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 European Intelligence and Security Informatics Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EISIC.2013.32\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 European Intelligence and Security Informatics Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EISIC.2013.32","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Consideration of Opportunity and Human Factor: Required Paradigm Shift for Information Security Risk Management
Most of the existing Risk Analysis and Management Methods (RAMMs) focus on threat without taking account of the opportunities available to an entity. Besides, human aspects are not often given much importance in these methods. These issues create a considerable drawback, as the opportunities available to an entity (organization, system, etc.) might go unnoticed, which might hamper the entity in achieving its objectives. Moreover, understanding the motives of humans plays an important role in guiding the risk analysis. This paper reviews several existing RAMMs to highlight the above issues and provides reasoning to emphasize the importance of these two issues in information security management. From the analysis of the selected methods, we identified that a majority of the methods acknowledge only threat and that the consideration of human factors has not been reflected. Although the issues are not new, they still remain open, and the field of risk management needs to be directed towards addressing them. The review is expected to be helpful to both researchers and practitioners in providing relevant information to consider these issues when further improving the existing RAMMs or when developing new methods.