
A Meta-process for Information Security Risk Management

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 12))

Abstract

Information security risk management (ISRM) is a major concern of organizations worldwide. Although the number of existing ISRM methodologies is enormous, in practice organizations invest considerable resources in creating new ISRM methodologies in order to capture more accurately the risks of their complex information systems. This is a crucial knowledge-intensive process for organizations, but in most cases it is addressed in an ad hoc manner. A systematic approach to the development of new or improved ISRM methodologies would make the process more effective. In this paper we propose a systematic meta-process for developing new or improved ISRM methods. We also present the specifications for a collaboration and knowledge-sharing platform supporting a virtual intra-organizational cross-disciplinary team, which aims at improving its ISRM methodologies by adopting the proposed meta-process.




Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Papadaki, K., Polemi, N., Damilos, D.K. (2008). A Meta-process for Information Security Risk Management. In: Jahankhani, H., Revett, K., Palmer-Brown, D. (eds) Global E-Security. ICGeS 2008. Communications in Computer and Information Science, vol 12. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69403-8_30


  • DOI: https://doi.org/10.1007/978-3-540-69403-8_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69402-1

  • Online ISBN: 978-3-540-69403-8
