Abstract
Existing Risk Management (RM) methodologies are mainly expert driven and require a large number of interviews with the security experts, which makes rather inefficient to take into account the knowledge from all the organization’s participants. In this paper we extend the STORM-RM multi-criteria group decision-making methodology. More specifically, we propose specific asset and user models, which make use of the AHP multi-criteria decision-making methodology in order to identify the organization’s assets and calculate their potential security impacts.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AS/NZS 4360. Risk management standards australia, Strathfield (1999)
Austrian IT Security Handbook, Austrian federal chancellery (2004)
BSI-Standard 100-3. Risk analysis based on it-grundschutz (2005)
CRAMM. Ccta risk analysis and management method, cramm version 5.2 information security toolkit (2003)
Dutch A&K Analysis (1996)
Ebios. Expression des besoins et identification des objectifs de securite (2004)
ISO/IEC:15408-1. Information technology - security techniques - evaluation criteria for it security – part 1: Introduction and general model (2005)
ISO/IEC:27001. Information technology - security techniques - information security management systems - requirements (2005)
MAGERIT. Methodology for information systems risk analysis and management. Public Administration Ministry (2005)
Mehari. Méthode harmonisée d’ analyse de risque (2007)
Theodoros Ntouskas and Nineta Polemi. STORM-RM: A collaborative and multicriteria risk management methodology. To appear in Int. J. Multicriteria Decision Making.
OCTAVE. Octave method implementation guide version 2.0. Carnegie Mellon University, June (2001)
S-PORT. S-port project.
Saaty, T.L.: Decision making with the analytic hierarchy process. Int. J. Service Sci. 1, 83–98 (2008)
Acknowledgements
This work has been performed in the framework of the GSRT/SYNER-GASIA/ S-Port project (09SYN-72-650) (http://s-port.unipi.gr).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Science+Business Media New York
About this paper
Cite this paper
Ntouskas, T., Kotzanikolaou, P., Polemi, N. (2013). Impact Assessment Through Collaborative Asset Modeling: The STORM-RM Approach. In: Migdalas, A., Sifaleras, A., Georgiadis, C., Papathanasiou, J., Stiakakis, E. (eds) Optimization Theory, Decision Making, and Operations Research Applications. Springer Proceedings in Mathematics & Statistics, vol 31. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-5134-1_21
Download citation
DOI: https://doi.org/10.1007/978-1-4614-5134-1_21
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-5133-4
Online ISBN: 978-1-4614-5134-1
eBook Packages: Mathematics and StatisticsMathematics and Statistics (R0)