| This thesis proposes a new method of assessment within the integrated framework of risk analysis and information security domain. The field of information security is vast and dynamic, and the pervasive use of information technology in organisations has resulted in a widening need for security. However, most researchers have concentrated on specific security requirements and thus there is a lack of a comprehensive method that takes a detailed approach to this issue. There is also a gap in knowledge regarding the identification of appropriate risk measures to be taken by commercial organisations. A number of standards and methods have been developed for the specific security objectives, structures and levels of applications of information security, but most do not comprehensively cover all the pertinent security requirements nor do they provide detailed guidance on how to implement information security risk analysis. |
PDF Full Text Request