2018 : A Conceptual Model for Information Security Risk Considering Business Process Perspective

Prof. Ir. Arif Djunaidy M.Sc., Ph.D.


Abstract

Information security risk assessment (ISRA) and modeling have become a prominent topic in the last decade. Many researchers have developed ISRA methods, showing that the topic remains under continual review. The business process is a new perspective in the ISRA domain. In this perspective, risk assessment is based on business processes rather than on the organization's assets. This research aims to conduct a systematic review of the ISRA models developed in recent years. Research papers from 2010 to 2017 were selected and examined in the context of information security risk assessment, modeling, and its relationship with business process management. In addition to the current taxonomy, new aspects were added to analyze these papers, i.e. risk context, adaptive ability, and model purpose. Based on the analysis results, two research gaps in information security risk modeling were found. First, risk …