One of the main features of the Information security management system which should be performed according to the organization requirements is the information security risk management. Risk evaluation and risk ranking is a key procedure in this management activity. This research introduces a new method for ranking risks of information security by using two decision making models, TOPSIS model and...
Business process management aims to create and develop value inside organizations. Though, business processes are exposed to different risks that may cause failures in their execution.
Research in quantitative Information Technology (IT) risk analysis has increased in the past decade, but much of that research has focused on creating new approaches that replace existing ones. Since organizations have extensive sunk costs invested in their risk management programs, there exists a need to extend and improve existing approaches. Additionally, many quantitative approaches are difficult...
Information security audit has become more and more important to organizations. Human is usually the most vulnerable part about information security in an organization. In this paper, we propose a dynamic risk assessment mechanism to help the information security manager realizing the human security awareness and vulnerability assessment in end client devices. The proposed mechanism will generate...
This paper describes the problem of carrying out a physical and logical Security Risk Analysis for an enterprise or Administration organism, considering the management and treatment of both kinds of risks by a new Security department that sprang from the convergence of the old physical and logical Security departments. This paper presents a Risk Analysis methodology that makes it possible to comply...
This paper describes both the necessity of Physical and Logical Security management convergence and its implementation difficulty due to different organization models in most of the correspondent Security departments on enterprises and Administration organisms. This paper presents a methodology that makes it possible to comply with the ISO 31000 standard (for physical security) and ISO 27001 standard...
Security measures taken in isolation and without reference to a concrete and relevant assessment and evaluation of actual risks are doomed to be inefficient. At best they do not address the real issues facing an organization and simply waste resources, at worst they provide management with inappropriate comfort over the level of security management that is in place. This paper reviews the key points...
Risks include the factors that might adversely affect project outcomes. Risk analysis includes the processes concerned with identifying, analyzing and developing security strategy and plans for the factors. Although currently there are known methodologies such as (CCTA Risk Analysis and Management Method (CRAMM) or Consultative, Objective and Bi-functional Risk Analysis (COBRA) and so on) for Risk...
Educational Providers should continually monitor and measure their performance in terms of delivering quality education to the students. Although the importance of such an assessment process has been stressed in the literature, no framework has been proposed that considers all the different relevant factors and determines semantically the level of the quality of education being delivered. In order...
The digital economy needs new indicators for emergent technologies, technical infrastructure for e-commerce and e-business share similar risks, and a risk analysis model is deployed as an Information System research method. The model for service provisioning to business is an evolutionary change of the application service provision which is classified as a sub-sector of the business consultancy in...
Information system development is special and complicated system engineering which requires huge investment and is characteristic of long development cycle, high technical demand, as well as a tendency to be affected by multiple factors. With the economic growth of China and the coming into being of information-based society in 21st century, the requirements on information system development has become...
Due to the interaction between multiple projects and programs, the project portfolio can be regarded as a complicated system. Schedule risk of individual projects will be delivered to the inner portfolio according to this internal relationship of project portfolio. Relative project portfolio managers will take some necessary measures in order to control or shrink the scope of risk influence. However,...
Inter-organizational information system has exploded as a major concern over the last years, since with the exploitation of new information and communication technologies and in particular of Internet the potential to revolutionize, streamline and enhance supply chain operations has flourished. An IOIS is a supra-system that consists of information systems of cooperating partners. IOIS also brings...
Fuzzy cognitive maps are used as project management risk factors decision aids to better assess how change in one part of an IT agile project management organization affects other parts of it. FCM modeling is used to analyze the impact of the changes. It suggested that the initial decision would not yield the expected results so intervention measures were undertaken to reengineer existing relationships...
Software risks are hard to find and harder to manage. This paper focuses on the identification of software risk in incremental model of software development. A thorough handling and avoidance strategy is proposed for the identification of risk factors when the incremental model is used for software development. The risk factors identified may also exist in other software development processes but there...
Information security risk has become an important attention for today's most organizations and risk management was introduced as an effective mechanism. The risk analysis, including risk identification and estimation, is the basis of risk management. In practice, most studies on risk analysis focus on estimation method and identification of risk elements is nothing but reference to given tables....
This paper develops a framework for analyzing security risk dependencies in organizations and ranking the risks. The framework captures how risk 'diffuses' via complex interactions and reaches an equilibrium by introducing a risk-rank algorithm. A conceptual structure of an organization (comprised of business units, security threats/vulnerabilities, and people) is leveraged for modeling risk dependencies...
Dealing with work groups is a challenge for organizations where projects are the main focus. During their activities if cooperation is not adequately coordinated and well supported it can provoke significant delays on the project or can put the final product quality at risk. The goal of this paper is to describe the risks control module, named Risys, to support the execution of project developed by...
The paper considers and discusses two closely related concepts and process, namely risk management and security management. Practically, there is a tendency to consider risk management as a plenty process capable to protect information assets. Based on the literature and international standards, the paper gives an overview of all the aspects and activities related to both processes. Risk management...
Network security management plays a crucial role in protecting organization assets and its computer infrastructure. This can be done by identifying the vulnerabilities and developing effective control that reduces the risk of attacks and failures. Network risk assessment is a subjective process that is linked to multiple variables. These variables are associated with the organization assets and their...