Special Offers
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Journals by Field
e-Collections
Open Access
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us
Newsroom

A Hybrid Asset-Based IT Risk Management Framework

Baris Cimen, Meltem Mutluturk, Esra Kocak, Bilgin Metin

Source Title: Research Anthology on Business Aspects of Cybersecurity

DOI: 10.4018/978-1-6684-3698-1.ch004

OnDemand:

(Individual Chapters)

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Information security has become one of the most important responsibilities of all organizations due to increasing cyber threats. Attackers take advantage of systems vulnerabilities; therefore, system administrators should be aware of potential threats to take necessary actions to protect their organizations and stakeholders. At this point, a risk assessment is needed to discover possible threats for vulnerable systems of the organization and to implement strategies for the business goals. This study proposes a hybrid risk management framework using both qualitative and quantitative methods to analyze risk within organizations and reduce them with practical countermeasures. Based on this framework, case studies have been carried out considering three hypothetical companies identifying possible information security risks, and these risks have been reduced to an acceptable level by applying the proposed risk analysis methodology.

Chapter Preview

Top

Introduction

Cyber-attacks have confounded information technology infrastructure of organizations and posed significant threats to their valuable information resources that have been valued as extremely important assets in cyberspace. Business managers need to be savvy to possible threats, aware of and prepared for both internal and external elements in order to manage cybersecurity risks. Hence, risk analysis procedure assists managers through evaluating possible threats or risks imposed on organizations, measuring the probability and impact of those risks and finally implementing strategies that create additional value to business operations by means of protecting their most precious information assets. Although, the most established risk analysis methodologies give great attention to technical risks, in recent, business organizations need risk analysis that incorporates social and organizational elements of complex systems with technical aspects in order to correctly evaluate and manage those risks. Within this context, the main objective of this paper is to address information risk management concepts considering possible threats and important organizational assets.

Drawing upon BS 7799 (Biery, 2006) information security risk management guidelines, in addition, by contributing additional possible threats, three hypothetical companies have been examined in terms of their business and organizational priorities. To that end, a strategic framework was proposed in order to identify critical business operations and relevant threats along with asset valuation for these three companies. Finally, a summary of evaluations and solutions were proposed to the identified threats for these companies. This study proposes a hybrid risk management framework via using both qualitative and quantitative methods to analyze risks within three hypothetical companies with the aim of incorporating social and organizational aspects alongside technical ones to overcome incompetencies of methods that previous studies did not. The remainder of the paper is structured as follows. The extant literature on cybersecurity risk analysis and management was reviewed and followed by presenting the proposed risk management framework. The paper concludes by providing a summary of the results and an overview of solutions and evaluations.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

A Hybrid Asset-Based IT Risk Management Framework

Abstract

Introduction

Complete Chapter List