Design Issues and Threats in Security Risk Management

Naveen Kumar R
G. Ravindra Babu

Abstract

Risk management can be thought of as a process, a theory, a procedure, or a methodology. Its primary objective is to identify assets, vulnerabilities, and threats, and then to protect those assets. Risk management is crucial to any organization because it is the best available tool for determining the level of protection required for its many different assets at the lowest possible cost. A few different approaches have been created for managing the risks associated with information security. These methodologies incorporate a variety of strategies, procedures, and perspectives in order to analyze and evaluate risks.

How to Cite
Naveen Kumar R and G. Ravindra Babu, “Design Issues and Threats in Security Risk Management”, Int. J. Comput. Eng. Res. Trends, vol. 3, no. 3, pp. 152–56, Mar. 2016.
Section
Research Articles
