dc.contributor.author | Wangen, Gaute | |
dc.date.accessioned | 2018-02-12T11:43:17Z | |
dc.date.available | 2018-02-12T11:43:17Z | |
dc.date.created | 2016-10-17T10:06:30Z | |
dc.date.issued | 2016 | |
dc.identifier.isbn | 978-83-60810-90-3 | |
dc.identifier.uri | http://hdl.handle.net/11250/2484060 | |
dc.description.abstract | Much of the debate surrounding risk management in information security (InfoSec) has been at the academic level, where the question of how practitioners view predominant issues is an essential element often left unexplored. Thus, this article represents an initial insight into how the InfoSec risk professionals see the InfoSec risk assessment (ISRA) field. We present the results of a 46-participant study where have gathered data regarding known issues in ISRA. The survey design was such that we collected both qualitative and quantitative data for analysis. One of the key contributions from the study is knowledge regarding how to handle risks at different organizational tiers, together with an insight into key roles and knowledge needed to conduct risk assessments. Also, we document several issues concerning the application of qualitative and quantitative methods, together with drawbacks and advantages. The findings of the analysis provides incentives to strengthen the research and scientific work for future research in InfoSec management. | nb_NO |
dc.language.iso | eng | nb_NO |
dc.publisher | Institute of Electrical and Electronics Engineers (IEEE) | nb_NO |
dc.relation.ispartof | Annals of Computer Science and Information Systems, Volume 8 Proceedings of the 2016 Federated Conference on Computer Science and Information Systems | |
dc.relation.uri | https://fedcsis.org/proceedings/2016/pliks/158.pdf | |
dc.title | An initial insight into Information Security Risk Assessment practices | nb_NO |
dc.type | Chapter | nb_NO |
dc.description.version | acceptedVersion | nb_NO |
dc.source.pagenumber | 999-1008 | nb_NO |
dc.identifier.cristin | 1392145 | |
dc.description.localcode | © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | nb_NO |
cristin.unitcode | 194,18,21,80 | |
cristin.unitname | Norwegian Information Security Lab | |
cristin.ispublished | true | |
cristin.fulltext | original | |
cristin.qualitycode | 1 | |