n South African Computer Journal - A new comparison framework for information security risk analysis methodologies : reviewed article

Volume 2006, Issue 37
  • ISSN : 1015-7999
  • E-ISSN: 2313-7835



With the advent of corporate governance and IT governance, many organisations wanting to conduct information security risk analysis may find selecting a methodology more than a challenge. Currently there are numerous risk analysis methodologies and tools available, ranging from qualitative to quantitative. These methodologies have a common goal of determining the overall risk value. To ensure maximum return on the investment in a risk analysis methodology, organisations must select the most appropriate methodology based on its specific needs and environment. This article addresses the problem by presenting a framework that can be used to objectively compare different risk analysis methodologies, irrespective of their nature.

Loading full text...

Full text loading...


Article metrics loading...


This is a required field
Please enter a valid email address
Approval was a Success
Invalid data
An Error Occurred
Approval was partially successful, following selected items could not be processed due to error