n South African Computer Journal - A new comparison framework for information security risk analysis methodologies : reviewed article
|Article Title||A new comparison framework for information security risk analysis methodologies : reviewed article|
|© Publisher:||South African Computer Society (SAICSIT)|
|Journal||South African Computer Journal|
|Author||Anita Vorster and Les Labuschagne|
|Publication Date||Dec 2006|
|Pages||98 - 106|
|Keyword(s)||Framework for comparison, Information security risk analysis, Methodologies and Risk management|
With the advent of corporate governance and IT governance, many organisations wanting to conduct information security risk analysis may find selecting a methodology more than a challenge. Currently there are numerous risk analysis methodologies and tools available, ranging from qualitative to quantitative. These methodologies have a common goal of determining the overall risk value. To ensure maximum return on the investment in a risk analysis methodology, organisations must select the most appropriate methodology based on its specific needs and environment. This article addresses the problem by presenting a framework that can be used to objectively compare different risk analysis methodologies, irrespective of their nature.
Article metrics loading...