Abstract
Existing Risk Management (RM) methodologies are mainly expert driven and require a large number of interviews with the security experts, which makes it rather inefficient to take into account the knowledge of all the organization’s participants. In this paper we extend the STORM-RM multi-criteria group decision-making methodology. More specifically, we propose specific asset and user models, which make use of the AHP multi-criteria decision-making methodology in order to identify the organization’s assets and calculate their potential security impacts.
Acknowledgements
This work has been performed in the framework of the GSRT/SYNERGASIA/S-Port project (09SYN-72-650) (http://s-port.unipi.gr).
Copyright information
© 2013 Springer Science+Business Media New York
About this paper
Cite this paper
Ntouskas, T., Kotzanikolaou, P., Polemi, N. (2013). Impact Assessment Through Collaborative Asset Modeling: The STORM-RM Approach. In: Migdalas, A., Sifaleras, A., Georgiadis, C., Papathanasiou, J., Stiakakis, E. (eds) Optimization Theory, Decision Making, and Operations Research Applications. Springer Proceedings in Mathematics & Statistics, vol 31. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-5134-1_21
DOI: https://doi.org/10.1007/978-1-4614-5134-1_21
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-5133-4
Online ISBN: 978-1-4614-5134-1
eBook Packages: Mathematics and Statistics (R0)