n South African Computer Journal - A new comparison framework for information security risk analysis methodologies : reviewed article




With the advent of corporate governance and IT governance, many organisations wanting to conduct information security risk analysis may find selecting a methodology more than a challenge. Currently there are numerous risk analysis methodologies and tools available, ranging from qualitative to quantitative. These methodologies have a common goal of determining the overall risk value. To ensure maximum return on the investment in a risk analysis methodology, organisations must select the most appropriate methodology based on its specific needs and environment. This article addresses the problem by presenting a framework that can be used to objectively compare different risk analysis methodologies, irrespective of their nature.


Article metrics loading...

This is a required field
Please enter a valid email address
Approval was a Success
Invalid data
An Error Occurred
Approval was partially successful, following selected items could not be processed due to error