A new comprehensive framework for enterprise information security [PDF]


Applied Computing and Informatics Volume 9, Issue 2, July 2011, Pages 107-118 open access

Original Article

A new comprehensive framework for enterprise information security risk management

Mohamed S. Saleh, Abdulkader Alfantookh

https://doi.org/10.1016/j.aci.2011.05.002

Open Access funded by King Saud University Under a Creative Commons license

Abstract

With the widespread use of e-transactions in enterprises, information security risk management (ISRM) is becoming essential for establishing a safe environment for their activities. This paper presents a comprehensive ISRM framework that enables the effective establishment of the target safe environment. The framework has two structural dimensions and two procedural dimensions. The structural dimensions are the ISRM “scope” and the ISRM “assessment criteria”, while the procedural dimensions are the ISRM “process” and the ISRM “assessment tools”. The framework uses the comprehensive STOPE (strategy, technology, organization, people, and environment) view for the ISRM scope, while its assessment criteria are considered to be open to various standards. For the procedural dimensions, the framework uses the widely known six-sigma DMAIC (define, measure, analyze, improve, and control) cycle for the ISRM process, and it considers the use of various assessment tools. It is hoped that the framework would be widely used in the future as an open reference for ISRM.

Highlights

We present a conceptual information security risk management framework that could integrate the key risk management methods.

The structural dimensions of the framework include “scope” and “assessment criteria”, which support its depth and breadth.

The procedural dimensions of the framework include “process” and “assessment tools”, which are used to enhance its functionality.

The framework uses the STOPE (strategy, technology, organization, people, and environment) view for its scope dimension.

It also depends on the six-sigma DMAIC (define, measure, analyze, improve, and control) model for its process dimension.

Keywords Enterprise security; Information security; Risk management; Six-sigma; STOPE view


Copyright © 2011 Production and hosting by Elsevier B.V.
