Does Traditional Security Risk Assessment have a Future in Information Security?

ABSTRACT

The current information security standards still advocate the use of risk assessment in the prioritisation of security investments. However, prior research on the use of risk assessment methodologies in organisational security has shown that the use of the traditional monolithic risk assessment process described in the current risk management standard is simply not practical at the organisational level. This paper first examines the problems in performing a systematic risk assessment and then discusses the limitations of a traditional risk assessment. To address these limitations, this paper proposes splitting up the current monolithic risk assessment process. The result is an information security assessment framework that puts greater emphasis on situational awareness and allows for better decision making on the prioritisation of security investments.


AUTHORS

School of Information Systems, Deakin University,
Australia

Anthonie Ruighaver is an Honorary Fellow at Deakin University in the School of Information Systems in the Faculty of Business and Law. He is a regular contributor to the Information Security Research Group. Previously he was the head of the Computer Security and Forensics Group based at the University of Melbourne. He was the coordinator of an E-crime course conducted as part of a collaboration between Melbourne University and Victoria Police. Dr. Ruighaver's primary interests are in Security Governance and Computer Forensics.

RMIT University Centre for Cyber Security Research & Innovation
College of Business and Law, RMIT University
Melbourne, Australia

Centre for Cyber Security, Academy for Computer Science and Software Engineering University of Johannesburg,
Johannesburg, South Africa

Professor Matt Warren is the Director of the RMIT Centre of Cyber Security Research and Innovation and a Professor of Cyber Security at RMIT University, Australia. Professor Warren is a researcher in the areas of cyber security and computer ethics. He has authored and co-authored over 300 books, book chapters, journal papers, and conference papers. He has received numerous grants and awards from national and international funding bodies, such as AustCyber, Australian Research Council (ARC); CyberCRC, Engineering Physical Sciences Research Council (EPSRC) in the UK; National Research Foundation in South Africa and the European Union.

Professor Warren gained his PhD in Information Security Risk Analysis from the University of Plymouth, United Kingdom and he has taught in Australia, Finland, Hong Kong, and the United Kingdom. Professor Warren is a Fellow of the Australian Computer Society.

Department of Computing and Information Systems, University of Melbourne,
Australia

Atif Ahmad is an information security researcher and independent security consultant based at the Department of Information Systems, University of Melbourne. His research interests are in asymmetric warfare and information security risk assessments especially where knowledge artefacts are concerned. In previous years Atif has worked as a consultant for Pinkerton and WorleyParsons where he applied his expertise to Internet corporations and critical infrastructure installations. Atif is a Board Certified Protection Professional (CPP) with the American Society for Industrial Security and holds an adjunct position at the Security Research Institute at Edith Cowan University.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
