资讯安全风险评估(ISRA):系统的文献回顾

Rias Kumalasari Devi, D. I. Sensuse, Kautsarina, Ryan Randy Suryono
{"title":"资讯安全风险评估(ISRA):系统的文献回顾","authors":"Rias Kumalasari Devi, D. I. Sensuse, Kautsarina, Ryan Randy Suryono","doi":"10.20473/jisebi.8.2.207-217","DOIUrl":null,"url":null,"abstract":"Background: Information security is essential for organisations, hence the risk assessment. Information security risk assessment (ISRA) identifies, assesses, and prioritizes risks according to organisational goals. Previous studies have analysed and discussed information security risk assessment. Therefore, it is necessary to understand the models more systematically.\nObjective: This study aims to determine types of ISRA and fill a gap in literature review research by categorizing existing frameworks, models, and methods.\nMethods: The systematic literature review (SLR) approach developed by Kitchenham is applied in this research. A total of 25 studies were selected, classified, and analysed according to defined criteria.\nResults: Most selected studies focus on implementing and developing new models for risk assessment. In addition, most are related to information systems in general.\nConclusion: The findings show that there is no single best framework or model because the best framework needs to be tailored according to organisational goals. Previous researchers have developed several new ISRA models, but empirical evaluation research is needed. Future research needs to develop more robust models for risk assessments for cloud computing systems.\n \nKeywords: Information Security Risk Assessment, ISRA, Security Risk","PeriodicalId":16185,"journal":{"name":"Journal of Information Systems Engineering and Business Intelligence","volume":"22 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2022-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Information Security Risk Assessment (ISRA): A Systematic Literature Review\",\"authors\":\"Rias Kumalasari Devi, D. I. Sensuse, Kautsarina, Ryan Randy Suryono\",\"doi\":\"10.20473/jisebi.8.2.207-217\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Background: Information security is essential for organisations, hence the risk assessment. Information security risk assessment (ISRA) identifies, assesses, and prioritizes risks according to organisational goals. Previous studies have analysed and discussed information security risk assessment. Therefore, it is necessary to understand the models more systematically.\\nObjective: This study aims to determine types of ISRA and fill a gap in literature review research by categorizing existing frameworks, models, and methods.\\nMethods: The systematic literature review (SLR) approach developed by Kitchenham is applied in this research. A total of 25 studies were selected, classified, and analysed according to defined criteria.\\nResults: Most selected studies focus on implementing and developing new models for risk assessment. In addition, most are related to information systems in general.\\nConclusion: The findings show that there is no single best framework or model because the best framework needs to be tailored according to organisational goals. Previous researchers have developed several new ISRA models, but empirical evaluation research is needed. Future research needs to develop more robust models for risk assessments for cloud computing systems.\\n \\nKeywords: Information Security Risk Assessment, ISRA, Security Risk\",\"PeriodicalId\":16185,\"journal\":{\"name\":\"Journal of Information Systems Engineering and Business Intelligence\",\"volume\":\"22 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-10-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Systems Engineering and Business Intelligence\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.20473/jisebi.8.2.207-217\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems Engineering and Business Intelligence","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.20473/jisebi.8.2.207-217","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

背景:资讯保安对机构来说是必不可少的,因此需要进行风险评估。信息安全风险评估(ISRA)根据组织目标识别、评估风险,并对风险进行优先级排序。以往的研究对信息安全风险评估进行了分析和讨论。因此,有必要更系统地了解这些模型。目的:本研究旨在通过对现有框架、模型和方法进行分类,确定ISRA的类型,填补文献综述研究的空白。方法:采用Kitchenham提出的系统文献综述(SLR)方法进行研究。根据确定的标准,共选择、分类和分析了25项研究。结果:大多数选定的研究侧重于实施和开发新的风险评估模型。此外,大多数与一般的信息系统有关。结论:研究结果表明,没有单一的最佳框架或模型,因为最佳框架需要根据组织目标进行定制。前人已经建立了几种新的ISRA模型,但还需要进行实证评价研究。未来的研究需要为云计算系统的风险评估开发更强大的模型。关键词:信息安全风险评估,ISRA,安全风险
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Information Security Risk Assessment (ISRA): A Systematic Literature Review
Background: Information security is essential for organisations, hence the risk assessment. Information security risk assessment (ISRA) identifies, assesses, and prioritizes risks according to organisational goals. Previous studies have analysed and discussed information security risk assessment. Therefore, it is necessary to understand the models more systematically. Objective: This study aims to determine types of ISRA and fill a gap in literature review research by categorizing existing frameworks, models, and methods. Methods: The systematic literature review (SLR) approach developed by Kitchenham is applied in this research. A total of 25 studies were selected, classified, and analysed according to defined criteria. Results: Most selected studies focus on implementing and developing new models for risk assessment. In addition, most are related to information systems in general. Conclusion: The findings show that there is no single best framework or model because the best framework needs to be tailored according to organisational goals. Previous researchers have developed several new ISRA models, but empirical evaluation research is needed. Future research needs to develop more robust models for risk assessments for cloud computing systems.   Keywords: Information Security Risk Assessment, ISRA, Security Risk
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
0.30
自引率
0.00%
发文量
0
期刊最新文献
Sentiment Analysis on a Large Indonesian Product Review Dataset Leveraging Biotic Interaction Knowledge Graph and Network Analysis to Uncover Insect Vectors of Plant Virus Model-based Decision Support System Using a System Dynamics Approach to Increase Corn Productivity Optimizing Support Vector Machine Performance for Parkinson's Disease Diagnosis Using GridSearchCV and PCA-Based Feature Extraction A Practical Approach to Enhance Data Quality Management in Government: Case Study of Indonesian Customs and Excise Office
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1