Journal article

Asset Identification in Information Security Risk Assessment: A Business Practice Approach

P Shedden, A AHMAD, M Smith, H Tscherning, R Scheepers

Communications of the Association for Information Systems | Association for Information Systems | Published : 2016

DOI: 10.17705/1cais.03915

Abstract

Organizations apply information security risk assessment (ISRA) methodologies to systematically and comprehensively identify information assets and related security risks. We review the ISRA literature and identify three key deficiencies in current methodologies that stem from their traditional accountancy-based perspective and a limited view of organizational "assets". In response, we propose a novel rich description method (RDM) that adopts a less formal and more holistic view of information and knowledge assets that exist in modern work environments. We report on an in-depth case study to explore the potential for improved asset identification enabled by the RDM compared to traditional IS..

View full abstract

University of Melbourne Researchers

Citation metrics

36Scopus
18Web of Science
35Dimensions

Keywords

Science & Technology
Computer Science, Information Systems
Organizational Knowledge
Information Security
Model
Risk Assessment
35 Commerce, Management, Tourism and Services
Technology
Computer Science
Strategy
Management
46 Information and Computing Sciences
4609 Information Systems
3503 Business Systems in Context
Rich Description Method
Isra Methodologies