Authors : Palaniappan Shamala and Rabiah Ahmad
Abstract: Information Security Risk Assessment (ISRA) is a vital method for organizations to develop effective and economically-viable control strategies. Organizations wanting to eliminate the possible risks in their organizations by identifying and prioritizing information assets. However, current ISRA methods have critical limitations whereas they adopt mainly on the technicality of organizational assets while, discounting people as knowledgeable entities of the organization and neglecting unofficial copies of assets which are created in any given work environment. A structured approach by Webster and Watson used as guidelines for determining the source material for the review. The result shows the limitation have been discussed separately by various researchers but none of the researchers have combines all the human related non-technical perspective assets together under one frame. This study presents a taxonomy of assets for ISRA with an integration and comprehensive overview of technical and non-technical perspective assets. This taxonomy able to guide ISRA practitioners to examine which assets are most important and enables them to collect all the needed information associated with assets in the early process of their actual ISRA implementation.
Palaniappan Shamala and Rabiah Ahmad, 2016. Generic Taxonomy of Assets Identification During Risk Assessment in Information Security Management. International Business Management, 10: 3982-3991.