Conventional security risk-analysis methodologies focus mainly on identifying new security services and mechanisms. Today, the problem with Information System (IS) security is not a lack of secure technologies or products, but that ISs are not implemented and used effectively. A different approach is therefore needed.

The proposed model is a process by which a Global Risk Value (GRV) is dynamically determined for a specific "asset/exposure" pair as the environment changes. The GRV is then used to generate a prioritized list of security actions to fix implementation flaws. A prototype was built and three cases were analysed to test the model. The analysis concludes that the technique is promising and may help overcome some of the present barriers to effective risk management created by the dynamic nature of the current information technology environment.