An Integrated Approach in Risk Management Process for Identifying Information Security Threats using Medical Research Design
In this paper, we attempt to introduce a new method for performing risk analysis studies by effectively adopting and adapting medical research design namely a prospective cohort study based survival analysis approach into risk management process framework. Under survival analysis approach, a method...
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Dynamic Publishers Inc., USA
2012
|
| Subjects: | |
| Online Access: | http://eprints.utem.edu.my/id/eprint/3291/ http://eprints.utem.edu.my/id/eprint/3291/1/JIASPaper_181.PDF |
| Summary: | In this paper, we attempt to introduce a new method for performing risk analysis studies by effectively adopting and adapting medical research design namely a prospective cohort study based survival analysis approach into risk management process framework. Under survival analysis approach, a method which is known as Cox Proportional Hazards (PH) Model will be applied in order to identify potential information security threats. The risk management process in this research will be based on Australian/New Zealand Standard for Risk Management (AS/NZS ISO 31000:2009). AS/NZS ISO 31000:2009 provides a sequencing of the core part of the risk management process namely establishing the context, risk identification, risk analysis, risk evaluation and risk treatment. Moreover, it seems that the integration of risk management process with medical approach indeed brings very useful new insights. Thus, the contribution of the paper will be introducing a new method for performing a risk analysis studies in information security domain. |
|---|