A Taxonomy of Challenges in Information Security Risk Management
Abstract
Risk management is viewed by many as the cornerstone of information security and is used to determine what to protect and how. How to approach risk management for information security is an ongoing debate, as there are several difficulties in existing approaches. The problems and challenges within the discipline are not easily visible, being dispersed throughout the literature. There is therefore a need for an overview that lets both industry and researchers obtain a holistic picture of the research area and contribute to making progress. In this paper, we present a taxonomy of problems identified from the literature within information security risk management, and highlight some of the important prevailing issues that are contributing to the lack of progress within the research field.