Title | A Proposed Framework for Ranking Critical Information Assets in Information Security Risk Assessment Using the OCTAVE Allegro Method with Decision Support System Methods |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Prajanti, Anisa Dewi, Ramli, Kalamullah |
Conference Name | 2019 34th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC) |
Date Published | jun |
Keywords | AHP, analytic hierarchy process, artificial intelligence, asset information mitigation, Critical information asset, critical information assets, decision support system methods, Decision support systems, DSS, Information security, information security risk assessment, Metrics, OCTAVE Allegro, OCTAVE allegro method, OCTAVE Allegro-AHP methods, OCTAVE Allegro-SAW, optimal security mitigation steps, Organizations, pubcrawl, Resiliency, risk analysis, risk management, SAW, Scalability, security of data, security risk assesment, security risk management, Surface acoustic waves |
Abstract | The security of an organization lies not only in physical buildings, but also in its information assets. Safeguarding information assets requires further study to establish optimal security mitigation steps. In determining the appropriate mitigation of information assets, both an information security risk assessment and a clear and measurable rating are required. Most risk management methods do not provide the right focus on ranking the critical information assets of an organization. This paper proposes a framework approach for ranking critical information assets. The proposed framework uses the OCTAVE Allegro method, which focuses on profiling information assets by combining ranking priority measurements using decision support system methods, such as Simple Additive Weighting (SAW) and Analytic Hierarchy Process (AHP). The combined OCTAVE Allegro-SAW and OCTAVE Allegro-AHP methods are expected to better address risk priority as an input to making mitigation decisions for critical information assets. These combinations will help management to avoid missteps in adjusting budget needs allocation or time duration by selecting asset information mitigation using the ranking results of the framework. |
DOI | 10.1109/ITC-CSCC.2019.8793421 |
Citation Key | prajanti_proposed_2019 |